I am using the Node library to integrate my application with BigQuery. I am planning to accept projectId, Email and private key from the user and then I will validate the credentials by making a call to the getDataset operation with limit 1. This will ensure that all 3 parameters passed by the user are proper.
But then I realized that even if I pass a different valid project ID, my call to getDataset passes. The operation gets datasets from that project. So I was wondering if the service account is not linked to the project. Any idea how I can validate these three parameters?
A service account key has some attributes inside it including project_id, private_key, client_email and many others. In this page you can find how to configure the credentials to use the client libraries.
Basically, the first step is creating a service account and downloading a JSON key (I suppose that you already completed this step).
Then you need to set an environment variable in your system so your application can access the credentials.
For Linux/Mac you can do that by running:
export GOOGLE_APPLICATION_CREDENTIALS="[PATH]"
For Windows (using CMD):
set GOOGLE_APPLICATION_CREDENTIALS=[PATH]
Related
I am trying to create integration tests using Jest; the idea is that those tests perform basic validation for Dynamics 365 (for example: 'Certain teams are provided with a set of security roles'). For this purpose I need to actually invoke the API of Dynamics 365 (load role assignment per team).
I do not like the idea of storing the credentials in plain text in config.js.
The question now is: how do I obtain the username and password (or clientid and app secret) needed to authenticate the user that runs the tests with Dynamics 365?
Is it possible to interact with the user when executing a Jest test?
How do I cache the already provided credentials to ensure the user does not need to provide this information for every run?
I have a google apps script that has an API key set as a property (getScriptProperties()). The script is attached to a spreadsheet. Will users of the spreadsheet conceivably have access to the API key? Would this be different if said property were contained in a library the script invoked?
Will users of the spreadsheet conceivably have access to the API key?
Yes, if stored in Script/Document properties. User properties are also accessible, if the user has installed a trigger.
Would this be different if said property were contained in a library the script invoked?
Kind of. As written in resource scoping, Script properties are not shared, i.e., the library has its own instance of script properties. Although it's not shared automatically, you should be careful not to code in such a way as to give access to the end users (i.e., the actual fetch should happen in the library; secrets should never reach user code). It may still be possible to access the tokens through the debugger or by overriding methods (see link below). User properties are shared.
Related:
Securely Storing API Secrets used in Google Apps Script - Published Library
What is the appropriate way to manage API secrets within a Google Apps script?
When trying to run queries from python (boto3) to AWS Athena, the following error is raised:
botocore.exceptions.ClientError: An error occurred
(AccessDeniedException) when calling the StartQueryExecution
operation: User: arn:aws:iam::account-id:user/sa.prd is not
authorized to perform: athena:StartQueryExecution on resource:
arn:aws:athena:us-east-1:account-id:workgroup/primary
I don't have access to the AWS console. I was also informed that there is another user "sa.prd.athena" that has the right permissions (what seems not to happen to "sa.prd").
Is it possible to use boto3 specifying a different user? Right now I don't use any specific user.
If it is not possible to use a different user, is it possible to set some kind of policy to be used by boto3 at runtime (this because I don't have access to the AWS management console)?
Thanks,
BR
The User in AWS is determined by the credentials that are used to sign the API call to the AWS API. There are several ways to pass these credentials to AWS SDKs in general (and boto3 in particular).
It looks for credentials in these places and takes them from the first one where they're present:
1. Hard-coded credentials while instantiating a client
2. Credentials stored in environment variables
3. Credentials stored in ~/.aws/credentials (by default it uses those of the default profile)
4. In the instance metadata service on EC2/ECS/Lambda
Since you're not directly setting up credentials, I assume it takes them from the SDK configuration (3), so you could just overwrite them while instantiating your Athena client like this:
    import boto3

    # Replace the uppercase placeholders with your own credentials.
    athena_client = boto3.client(
        'athena',
        aws_access_key_id=ACCESS_KEY,
        aws_secret_access_key=SECRET_KEY,
        aws_session_token=SESSION_TOKEN
    )
This is an adapted example from the documentation; you need to specify your credentials instead of the uppercase variables.
Hardcoding these is considered bad practice though, so you might want to look into option (2) using environment variables, or setting up another profile in your local SDK and telling the client to use that. Information on that can be found in the boto3-docs I linked above.
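The lookup order listed in the answer above can be modelled offline to check which identity a call would be signed with. This is an added example, not part of the original answer and not boto3's own resolver: it covers only the four sources listed, the function name and the sample file contents are constructed, and naming the profile `sa.prd.athena` after the second user is an assumption.

```python
import configparser

# Constructed sample of ~/.aws/credentials; all key values are placeholders.
SAMPLE_CREDENTIALS_FILE = """\
[default]
aws_access_key_id = EXAMPLE-KEY-ID-SA-PRD
aws_secret_access_key = constructed-secret-for-sa-prd

[sa.prd.athena]
aws_access_key_id = EXAMPLE-KEY-ID-SA-PRD-ATHENA
aws_secret_access_key = constructed-secret-for-sa-prd-athena
"""


def resolve_credential_source(explicit_key_id=None, env=None, credentials_text=""):
    """Return (source, profile, access_key_id) for the first source that holds
    credentials, in the order listed above. The secret key is never returned,
    so the result is safe to log while diagnosing an AccessDeniedException."""
    env = env or {}

    # 1. Keys passed directly when instantiating the client.
    if explicit_key_id:
        return ("explicit", None, explicit_key_id)

    # 2. Environment variables; both halves of the key pair must be present.
    if env.get("AWS_ACCESS_KEY_ID") and env.get("AWS_SECRET_ACCESS_KEY"):
        return ("environment", None, env["AWS_ACCESS_KEY_ID"])

    # 3. Shared credentials file; AWS_PROFILE selects a non-default profile.
    profile = env.get("AWS_PROFILE", "default")
    parser = configparser.ConfigParser(interpolation=None)  # secrets may contain '%'
    parser.read_string(credentials_text)
    if parser.has_section(profile):
        section = parser[profile]
        if section.get("aws_access_key_id") and section.get("aws_secret_access_key"):
            return ("shared-credentials-file", profile, section["aws_access_key_id"])

    # 4. Nothing found locally: only the instance metadata service remains.
    return ("instance-metadata", None, None)


if __name__ == "__main__":
    # Selecting the second profile instead of hardcoding its keys in the script.
    print(resolve_credential_source(env={"AWS_PROFILE": "sa.prd.athena"},
                                    credentials_text=SAMPLE_CREDENTIALS_FILE))
```

Note that key pairs set in environment variables take precedence over the profile selected with `AWS_PROFILE`, so stale exported keys are a common reason a call is still signed as the wrong user.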
I have set up a private cloud which has 2 computes and the back end is working successfully. OpenStack and Horizon are used to create and manage instances.
Basically, Horizon would be used on an administrator level and not by the user. So for the user to enter inputs like RAM, Disk Storage, Image etc., I want to create a frontend (ReactJS, NodeJS) website through which they can provide the details for VM creation.
The flow would be:
User provides all details through an HTML form.
Those details go to the Administrator sitting who will check the details and then approve the request.
Once the request is approved, VM is created and user can manage the VM.
I want to achieve somewhat like the above.
The goal is to not allow access for the user to create, manage VM instances through horizon.
Any help?
EDITS
The flow should be the following:
1. Login to the front end user dashboard.
2. Allow user to create a flavor by accepting the values.
3. Store the values into MySQL DB.
4. Admin would get the request in his login. An 'Accept' and 'Decline' button would be there on each flavor entry. If admin accepts, using shelljs the openstack flavor creation command is run and the output is saved in db.
5. The user could get the accepted flavor on his side.
6. The user would create a VM instance by selecting the flavor which he received above.
7. Using openstack create server command, the VM would be created and a token url would be generated which will be displayed to the user.
8. When user clicks on the url, VM is launched.
So the above is the goal to be achieved using React, NodeJS and MySQL.
The difficult parts would be:-
Running the openstack cli commands using shelljs
Generating a token url.
I hope there might be a way to do this.
Thanks
Not sure how to help you on this. Some ideas:
You will need a Python backend unless you want your backend to talk to the OpenStack REST API directly. Similarly to Horizon, using the Django Python web framework will save you some time with using the Python client APIs.
Then you can build a frontend app with ReactJS and BackboneJS, since ReactJS itself will not let you communicate with the HTTP response generated by your backend. Also, you should look into Redux to deal with the data flow.
Here is an open source project which does what you want mostly: https://github.com/cyverse/atmosphere/
HTH
I've downloaded the starter pack and performed all steps as mentioned in the tutorial. I can create accounts but if I log out and want to sign in again I always get the error invalid username or password. Can anyone share any pointers as debugging this is nearly impossible.
I've created several accounts already just to be sure the password was ok.
I've created the keycontainers.
I've created the two applications that are needed in the custom policies (web app and native).
I've updated the extension file with the correct IDs.
Yeah, if you don't get your client IDs correct you can't log in, and then it constantly reports invalid credentials.
Double check that you are writing the object ids correctly.