I've been trying to create a create a security scan for our GCP App-Engine deployment using the Web Security Scanner service and authenticating via a Gmail account(as per instructions found here).
I've tried three individual Gmail accounts (one is my own personal account and the other two were created specifically for this scan). However the scanner setup continues to complain:
"Could not sign in using the provided username and password"
There is a line in the instructions link that reads: "Google enforces a real name policy on Google accounts. If the name on your test account doesn't look real, the account might be blocked.". However two of the three Gmails accounts use the standard 'fname.lname#gmail.com' addresses, while the third is a 'initialLastName802#gmail.com' type.
Any pointers as to what might be wrong with my setup is appreciated.
I have tried to reproduce the error on my GCP and indeed, I could reproduce the same issue on my side. The error that I received was the below one, checking in the browser's console.
{
"error": {
"code": 400,
"message": "Could not sign in using the setting provided by scan_config.authentication.",
"status": "INVALID_ARGUMENT",
"details": [
{
"#type": "type.googleapis.com/google.cloud.websecurityscanner.v1beta.ScanConfigError",
"code": "FAILED_TO_AUTHENTICATE_TO_TARGET"
}
]
}
}
I have created an issue within the Google Issue Tracker - that you can access here - for this to be investigated by the Google team - you can contact them directly on their Support as well if you think they could faster for you or follow the issue that I opened with them.
Let me know if it helped you!
Related
I'm in the process of migrating from Cloud Service (classic) to Cloud Service (extended support) in Azure. Unfortunately, CS extended support documentation is very scarce and often inaccurate, so the process if very much not straight forward. At this point, I'm working on the deployment pipelines. With CS classic, we used management APIs to deploy/update/etc. The API for extended support is more straight forward, however, again, the documentation is lacking. The best I found was this page: Cloud Service - create or update. While this provides fairly good starting points, I'm struggling to find any info on the following points:
ServiceConfiguration element - what format is this in? Is it pure XML (encoded within JSON, of course) or something else? For classic API, service configuration was passed as a BASE64 encoded XML.
The request body (JSON) contains some of the same elements as in the service configuration - what happens if they don't match?
Package URL - what format is this in? The package is stored in an azure storage account - so how do I reference it? Also, for authentication, I can't grant the CS any permissions to the storage account, as it's not created yet (it doesn't exist!) - but it seemingly needs this permission in order to be created.
RDP extension - what format is "password" in? Is this really just a plain password? For classic, RDP password was encrypted using a certificate, which was separately uploaded into the service.
SSL certificate from the vault - how is authentication going to work? Again, the CS doesn't exist yet, so I can't grant it any permissions in the vault.
On authentication front, I managed to send the auth request and get the oauth2 token, which I would then use for this API - could this be enough? Of course, I can try this, but need to understand the other things first (i.e. format of some elements).
Note separately that deployment pipeline is executed from Jenkins and must stay that way - I don't have any control over that.
UPDATE: I tested this as best I could with service configuration being plain xml, with content matching the rest of json input, plain text password for RDP extension, and hoping for the auth to use bearer token. The response I received was 400, with the following details:
{
"error": {
"code": "InvalidParameter",
"message": "The value of parameter packageUrl is invalid."
}
}
So, back to my point 3 above - what is the format of package url?
UPDATE 2: After some experimenting, it did accept the package URL with the SAS token. Now I'm stuck with this error:
{
"error": {
"code": "StandardPublicIPAddressNotSupportedCloudService",
"message": "Standard public IP not supported for cloud services."
}
}
Web search for that string returns 0 matches. The template I'm using is copy/paste from MS documentation; the process I'm using is exactly per MS documentation. Any further help massively appreciated.
This isn't exactly what you're after, but I used the following article to help with generating a template.json and parameter.json file which then could be used through Powershell.
https://techcommunity.microsoft.com/t5/azure-paas-blog/how-to-use-azure-devops-to-publish-cloud-service-extended/ba-p/3675180
This is what my Powershell script eventually looked like:
New-AzResourceGroupDeployment -ResourceGroupName "cses-rg" -TemplateFile DeployArm.template.json -TemplateParameterFile DeployArm.parameter.json -packageSasUri $cspkg -configurationSasUri $cscfg -cloudServiceName cldcsestest -deploymentLabel myDeploymentLabel -publicIPName 'MyPublicReservedIp' -rdpPassword $rdpPassword
I only used the Powershell script locally for quicker testing, but my goal was to get it working with Azure Dev Ops.
I will admit that I am not that savvy when it comes to Stripe and I'm just learning.
In the process of setting up our Connect Account we added some Custom Accounts that were rejected or restricted. I have been informed the only way of removing said accounts is via Stripe API.
I installed Stripe CLI on my Mac in hopes that this would be easy. All I get are errors. This is currently what I am using as code and the response I get as an error:
$ stripe accounts delete acct_1JDDIoQSOur1AOsw --live
This command will be executed on the account with the following details:
> Mode: Live
> Account Name: LocalGood2Go
Are you sure you want to perform the command: DELETE?
Enter 'yes' to confirm: yes
{
"error": {
"message": "This application is not authorized to delete this account.",
"type": "invalid_request_error"
}
}
Is it not possible to delete account through the CLI? If not then please advise how I can use the API.
Much appreciated.
I'm trying to request the contents of a Google doc (that I own) using the Google Docs API and the contents would be read to a website. I'm making the following request in Postman:
GET https://docs.googleapis.com/v1/documents/{documentId}?key=API_KEY
where the API_KEY is a key created in Google developer dashboard and is not restricted for now. However, I'm getting the following error:
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
I have made the doc public (read-access without signing in) and enabled the Docs API in the Google developer dashboard. Further, the dashboard is registering these (failing) requests, so something is going through.The answer is probably in the error message, but to me "or other valid authentication credential" means the API key that I'm already using.
I'm asking for advice on how to make this request successfully without needing to use OAuth or server-side code.
I found a workaround answer to my problem, although it didn't solve the problem with the Docs API. I decided to request the text data from a Google Sheet instead, which works fine with
GET https://sheets.googleapis.com/v4/spreadsheets/documentId?key=API_KEY
when the sheet is public and read-only.
Yes you can open the doc programatically using a service account. You need to "share" the doc with the service account email.
Instructions on creating a service account and reading a Google doc: https://www.futurice.com/blog/read-goog-doc-using-service-account
I am creating a LUIS app using the LUIS programmatic API. After the app is successfully created and trained, I want to assign an API key to the app using this endpoint:
PUT /luis/api/v2.0/apps/{appId}/versions/{versionId}/assignedkey
Both my programmatic API key (obtained from luis.ai) and the normal API key (the one I am trying to assign, obtained from Azure Portal) are registered to the same email address.
However, when I am trying to send a request to the above endpoint, it fails with this error:
{
"error": {
"code": "BadArgument",
"message": "Cannot find the specified subscription"
}
}
I'm out of ideas for what I might be doing wrong, because exactly the same logic already worked before.
Is there some kind of way to "assign" an Azure subscription to my LUIS account?
Update:
I didn't find an answer to my question, but I found a workaround. Calling PUT /luis/api/v2.0/apps/{appId}/settings will set the application to "public", which means you can use any subscription key with it. See docs.
It seems that this endpoint is now deprecated because I get the following:
{
"error": {
"code": "DeprecatedException",
"message": "To assign a subscription key to an app, please go to the LUIS website at https://www.luis.ai and assign it from the app publish page."
}
}
In the luis page I see this:
The endpoint PUT /luis/api/v2.0/apps/{appId}/versions/{versionId}/assignedkey and /luis/api/v2.0/subscriptions are indeed deprecated. I contacted to LUIS support and they answered:
We are shifting the key management experience to happen only through the portal. Users no longer need to copy and paste keys, we offer a well-integrated experience that lists all the Azure keys inside our portal, key management details here.
I used to get user image through this URL
https://plus.google.com/s2/photos/profile/(user_id)?sz=150
but now what all I am getting is 404 error or no image. I know google has changed its policies and way it connects and allows other to get information, but I didn't anything to achieve same result as above.
Note: I can't use authenticate thing here since I am showing image of users to other users which are not connected at all.
OR in other way user may be not coming from Google log-in but I need to show other Google users images only.
Any help would be highly appreciated!!!
Edit:
I have checked through people.get method
https://www.googleapis.com/plus/v1/people/11595...3592320?key=AIzaSyCkdmtNN1XDg....EpepOIIs
but I am getting error saying
{
"error": {
"errors": [
{
"domain": "usageLimits",
"reason": "accessNotConfigured",
"message": "Access Not Configured. Please use Google Developers Console to activate the API for your project."
}
],
"code": 403,
"message": "Access Not Configured. Please use Google Developers Console to activate the API for your project."
}
}
Edit: I have this already enabled since I am using Google+ log-in already in my site, here I am attaching screenshot:
Earlier I have also the same problem for my site after so much of research and efforts I found solution from my self and i hope that will also work for you and solve your problem:
Old Trick
Google had changed their policy so the old trick for getting the Google profile image will not work now.
e.g https://plus.google.com/s2/photos/profile/(user_id)?sz=150
New Trick
Get Request:
https://www.googleapis.com/plus/v1/people/115950284...320?fields=image&key={YOUR_API_KEY}
Response :200 OK
{
"image":
{
"url": "https://lh3.googleusercontent.com/-OkM...AANA/ltpH4BFZ2as/photo.jpg?sz=50"
}
}
Where YOUR_API_KEY is your Public API Access key which is generated through Credentials under APIs & Auth from https://console.developers.google.com/
And While creating Public API access key you can choose Referers URL's from which this request should be made but for checking you should try by not adding any URL to it, if it works then go with URL of your site.
You can choose other fields to send with URL which you may need from here.
Happy Coding!!!
You can get this information using the people.get Google+ API call and specifying the userid of the user you want information for. This will include an image.url field which you can use and resize as appropriate.
Since this is public information for a user, you don't need the user to authenticate to access it. You do, however, need an API Key which you will add to the end of the URL used in the API call.
You can get an API Key by going to https://console.developers.google.com/ under the "APIs and auth" section and "Credentials" subsection. You can then click on the button under "Public API Access" that says "Create New Key".
The URL you'll use to get the info will look something like
https://www.googleapis.com/plus/v1/people/1234567890?key=api_key
and you'll get back a JSON object with the profile info.
Update:
Make sure you have also enabled the Google+ API in the developes console. You can get to this through https://console.developers.google.com/, under the "APIs and auth" section and "API" subsection, you can find the "Google+ API" on the list and turn it on.