Access Public URLs from IBM Cloud storage - node.js

I have created a IBM cloud Object storage service and i have created objects i.e image files in it.
I am looking for the steps to access the images as public URLs. I did some initial research and found there are cURL commands using swift Client to do this.
Reference links
How to access files in container in Object Storage Service in Bluemix? AND
Public URLs For Objects In Bluemix Object Storage Service
from the above links, it says the following steps
Set up the swift CLI . Can you link me the steps to set up Swift CLI ? ( the link in the reference link dosen't work anymore ).
2.Change the container ACL to read with following PUT request
curl -X PUT "https://dal.objectstorage.open.softlayer.com/v1/AUTH_123/mycontainer" \
-H "X-Auth-Token: token123" \
-H "X-Container-Read: .r:*"
But i am not sure what to input on X-Auth-Token header ? i have the following information from the service credentials of COS.
{
"apikey": "X7aDm6yu123123hXwqvq1231232HgOtIGeZiAOEg",
"endpoints": "https://cos-service.bluemix.net/endpoints",
"iam_apikey_description": "Auto generated apikey during resource-key operation for Instance - crn:v1:bluemix:public:cloud-object-storage:global:a/f9aabca54c702be8386b2a3f9815b4e4:d145a33e-e8b1-446f-a87d-69431eaec0b1::",
"iam_apikey_name": "auto-generated-apikey-bed16ed5-1373-47bc-b268-5e0f521bc802",
"iam_role_crn": "crn:v1:bluemix:public:iam::::serviceRole:Writer",
"iam_serviceid_crn": "crn:v1:bluemix:public:iam-identity::a/f9aabca54c702be8386b2a3f9815b4e4::serviceid:ServiceId-36c373a0-4bb9-4316-bc4b-86ea4c98dcd7",
"resource_instance_id": "crn:v1:bluemix:public:cloud-object-storage:global:a/f9aabca54c702be8386b2a3f9815b4e4:d145a33e-e8b1-446f-a87d-69431eaec0b1::"
}
Any help would be really appreciated. Thanks

The bearer token is from IAM.
https://console.bluemix.net/docs/services/cloud-object-storage/getting-started-cli.html#gather-key-information
See this doc on generating pre-signed urls (temporary).
https://console.bluemix.net/docs/services/cloud-object-storage/api-reference/api-reference-objects.html#object-operations

To do a one-off request like that, you can get oauth tokens from the command line using ibmcloud iam oauth-tokens. To specifically get an IAM Token, I use:
export IAM_TOKEN=`ibmcloud iam oauth-tokens | head -n 1 | awk ' {print $4} '`
Then follow that up with your cURL command:
curl -H "Authorization: Bearer $IAM_TOKEN" ...
An application should request tokens based on the apiKey as mentioned.
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -H "Cache-Control: no-cache" -d 'apikey=<your api key here>&grant_type=urn:ibm:params:oauth:grant-type:apikey' "https://iam.bluemix.net/identity/token"
Here's an example using NPM's request-promise:
const response = await rp({
url: 'https://iam.bluemix.net/identity/token',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
method: "POST",
body: `apikey=${apiKey}&grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey`,
json: true
});
const token = response.access_token;

Related

Using nodejs google cloud logging library with user access token

I'm trying to use the user token (gcloud auth print-access-token) to leverage getting logs using #google-cloud/logging.
Basic code snippet:
import { GetEntriesResponse, Logging } from "#google-cloud/logging";
export async function readLogsAsync() {
const logging = new Logging();
const [entries, _, response]: GetEntriesResponse = await logging.getEntries({
filter: 'resource.type="k8s_container"',
resourceNames: 'projects/acme',
autoPaginate: false,
pageSize: 100
});
console.log(entries.length, response.nextPageToken)
}
Similar call in http works with the user token, so I'm assuming there must be some way to communicate it with the node.js api, but I couldn't find an example or documentation.
curl --location --request POST 'https://logging.googleapis.com/v2/entries:list?alt=json' \
--header "Authorization: Bearer $(gcloud auth print-access-token)" \
--header 'Content-Type: application/json' \
--data-raw '{
"filter": "resource.type=\"k8s_container\"",
"orderBy": "timestamp desc",
"pageSize": 100,
"resourceNames": [
"projects/amce"
]
}'
You're not authenticating the code.
Google's libraries support a mechanism called Application Default Credentials (ADC).
ADC makes it easy to authenticate code deployed to Google Cloud Platform and when running locally. To run locally, you will need to export GOOGLE_APPLICATION_CREDENTIALS with the path to a Service Account key.
As #guillaume-blaquiere comments, you can effect this behavior using gcloud auth application-default but it is better to use a Service Account.

Get à 401 Unauthorized when trying to lint my gitlab-ci.yml (version 13.8)

Since monday, I'm not able to use the lint CI API from gitlab, which is documented here https://docs.gitlab.com/ee/api/lint.html#validate-the-ci-yaml-configuration
I'm working on a self hosted gitlab, and we updated gitlab to the last version (13.8.4).
I've noticed that the documentation has changed between 13.8 and 13.9, they mentioned
Access to this endpoint requires authentication.
So I tried to generate a personal access token with full access (I'm admin), but I still get a 401.
Here is my try :
$ curl --header "Content-Type: application/json" --header "PRIVATE-TOKEN: P3r50Na1t0k3N" "https://my-domain.artips.fr/api/v4/ci/lint" --data '{"content": "{ \"image\": \"ruby:2.6\", \"services\": [\"postgres\"], \"before_script\": [\"bundle install\", \"bundle exec rake db:create\"], \"variables\": {\"DB_NAME\": \"postgres\"}, \"types\": [\"test\", \"deploy\", \"notify\"], \"rspec\": { \"script\": \"rake spec\", \"tags\": [\"ruby\", \"postgres\"], \"only\": [\"branches\"]}}"}'
# Result : {"message":"401 Unauthorized"}
# Other try
$ curl -X POST --header "Content-Type: application/json" --header "PRIVATE-TOKEN: P3r50Na1t0k3N" "https:///my-domain.artips.fr/api/v4/ci/lint" --data '{"content": "{ \"image\": \"ruby:2.6\", \"services\": [\"postgres\"], \"before_script\": [\"bundle install\", \"bundle exec rake db:create\"], \"variables\": {\"DB_NAME\": \"postgres\"}, \"types\": [\"test\", \"deploy\", \"notify\"], \"rspec\": { \"script\": \"rake spec\", \"tags\": [\"ruby\", \"postgres\"], \"only\": [\"branches\"]}}"}'
# same result: {"message":"401 Unauthorized"}
Has anyone run into the same problem ?
Thanks in advance
Takeshi
There is an ongoing issue regarding the CI Lint API endpoint. It seems that authentication for this endpoint doesn't work when "signing up" is disabled on on-premise Gitlab instance. I guess the issue will be fixed in future releases.
The user token's scope must grant read/write permission to yout gitlab instance's API (as you may see in the picture). The user hasn't to be admin.
import requests
import urllib.parse
from requests.auth import HTTPBasicAuth
url = 'https://gitlab.example.com/'
api = urllib.parse.urljoin(url, '/api/v4/projects')
private_token = 'xxx'
params = dict(private_token=private_token)
auth = HTTPBasicAuth('username', 'password') # username and password, different from login account, generally provided from ops
response = requests.get(api, params, auth=auth)
print(response)
print(response.json())

How can I use the GitHub Rest API to update a repository that is part of an organization?

I have a large number of GitHub repositories that have been sorted into various organizations. I wish to change the visibility of the repos by batch to public using the following API call:
curl -u {user}:{pat} -H "Accept: application/vnd.github.v3+json" -X PATCH https://api.github.com/repos/{user}/angular.powershifter -d '{"private":false}'
Which as best as I can tell is the API call (see github docs). The {user] and {pat} in the sample above are real values, and the {pat} has every option selected. The {user} is both the owner of the repo and the organization.
What I get in response is is a 404 with the following body.
{
"message": "Not Found",
"documentation_url": "https://docs.github.com/rest/reference/repos#update-a-repository"
}
Is it possible to set the properties of repositories under an organization using the API?
What is the API call?
Bonus points if you can point me to the documentation!
Thanks.
Use Bearer Token based authentication. Github is deprecating password based authentications.
curl \
-H 'Authorization: Bearer ${GITHUB-TOKEN}' \
-X PATCH \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/${OWNER}/${repo} \
-d '{"private":"false"}'
Link for the github documentation
https://docs.github.com/en/free-pro-team#latest/rest/overview/other-authentication-methods
Yes it is possible.
I've had some issues with this too.
Short answer use bearer token (As #shek said), and change false to "false":
curl -v -H "Authorization: Bearer ${GITHUB_TOKEN}"
-X PATCH https://api.github.com/repos/${ORGANIZATION}/${REPO}
-H "Accept: application/vnd.github.v3+json" -d '{"private": "false"}';
Notice that your token has full control of private repositories when creating the token:
full control of private repositories image
The link is quite confusing, because if for example you need to get all the repositories from GitHub you'll have to use:
https://api.github.com/orgs/${ORGANIZATION}/repos?${parameters}
Also when you need to change permissions you'll need to use:
https://api.github.com/orgs/${ORGANIZATION}/teams/${TEAM}/repos/${ORGANIZATION}/${REPO}
(Notice the orgs, which is missing in the PATCH command).
GitHub repositories documentation:
https://docs.github.com/en/rest/reference/repos#update-a-repository
GitHub auth methods (From #shek):
https://docs.github.com/en/free-pro-team#latest/rest/overview/other-authentication-methods

Paypal integration issue with KillBill in a node app

I am trying to integrate paypal payment gateway in my Node app in which i'm calling KillBill api provided for Paypal gateway in itsw documentation it is described that we will recieve a url in location header.
But on hitting it in postman i'm recieving html of that page instead of its url in Headers with key "location".
How to integrate it in node app so that if i make request to its url i get back the url of page to be redirected and can do anything i want.
KillBill docs link https://github.com/killbill/killbill-paypal-express-plugin
following is the api i'm using of paypal integration provided by kill bill
curl -v \
-X POST \
-u admin:password \
-H 'X-Killbill-ApiKey: bob' \
-H 'X-Killbill-ApiSecret: lazar' \
-H 'X-Killbill-CreatedBy: admin' \
-H 'Content-Type: application/json' \
-d '{
"kb_account_id": "13d26090-b8d7-11e2-9e96-0800200c9a66",
"currency": "USD",
"options": {
"return_url": "http://www.google.com/?q=SUCCESS",
"cancel_return_url": "http://www.google.com/?q=FAILURE",
"billing_agreement": {
"description": "Your subscription"
}
}
}' \
http://127.0.0.1:8080/plugins/killbill-paypal-express/1.0/setup-checkout
I have sort it some way i just converted that response html into a circular Json array and than found the URL of that html page in some index of that array as a key value pair of an object. Don't know that if it is a perfect solution but it works fine and according to my requirements.

Github API Create Issues return 404 Not found

I am making a request to the below URL-
Post https://api.github.com/repos/kvimal/2048/issues
With my Token as a header for authorization.
The Curl Request
curl -i -X POST https://api.github.com/repos/kvimal/2048/issues -d "{title:'hey'}" -H "Authorization: Bearer xxxxxxxxxxxxxxxxxx" -H "Content-Type: application/json"
And GitHub sends a response 404 Not found. I have reade the Documentation and as far as i have observed i am doing it by the github standards. Can anyone Help with this issues?
As illustrated in this python script, the header should be using 'token' not Bearer'
headers = {
'Content-Type':'application/json',
'Authorization': 'token %s' % token,
}
(That script doesn't use curl, but give an idea of the header)
For curl queries, see this curl POST tutorial:
curl -H "Authorization: token OAUTH-TOKEN"
And the POST message must be complete as well (as in this python script)
issue = {'title': title,
'body': body,
'assignee': assignee,
'milestone': milestone,
'labels': labels}
# Add the issue to our repository
r = session.post(url, json=issue)
(again, not curl, but gives you an example of the body)
Go to "Edit personal access token" page, checkout the "Select scopes" session.
Make sure the token has been granted required access right.
I encountered similar case when trying to create public repo with 'Authorization: token ...' header.

Resources