Develop Reference

Using wiremock to proxy/record calls to AWS Cloudfront service

We have a container-based service running in AWS ECS with the front end hosted by AWS Cloudfront, and authorization handled by AWS Cognito. I'm trying to configure Wiremock to be a proxy for this service so I can record the calls and mappings to later use in unit tests for a client app I'm writing in python.
I'm running the Wiremock server in standalone mode, and have it proxying to calls to the url of our service. However, Cloudfront keeps returning either a 403-Bad Request error or 403-Forbidden error when I connect via Wiremock.
When I use curl, and pass all the correct headers (Content-Type: application/json, Authentication: Bearer ) it works just fine when I use https://myservice.example.com/api/foo. But as soon as I swap out "myservice.example.com" for "localhost:8000", I get the Cloudfront generated errors.
I'm guessing I have some mis-configuration where, despite passing the headers to Wiremock, I haven't properly told Wiremock to pass those headers on to "the service", which is really Cloudfront.
Not being a Java guy, I'm finding the Wiremock docs a little difficult to understand, and am trying to use the command-line arguments to configure Wiremock like this:
/usr/bin/java -jar \
./wiremock-jre8-standalone-2.35.0.jar \
--port=8000 \
--verbose \
--root-dir=test_data/wiremock \
--enable-browser-proxying \
--preserve-host-header \
--print-all-network-traffic \
--record-mappings \
--trust-proxy-target=https://myservice.example.com \
--proxy-all=https://myservice.example.com
Request:
$ curl -k -X GET -H "Content-Type: application/json" \
-H "Authorization: Bearer ${JWT}" \
http://127.0.0.1:8000/api/foo
Response:
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>CloudFront</center>
</body>
</html>
When using exactly the same curl command, but changing the URL to point directly at my service instead of the proxy, I get the response I expected (hoped for?) through the proxy:
curl -k -X GET -H "Content-Type: application/json" \
-H "Authorization: Bearer ${JWT}" \
https://myservice.example.com/api/foo
[
{
"id": "09d91ea0-7cb0-4786-b3fc-145fc88a1a3b",
"name": "foo",
"created": "2022-06-09T02:32:11Z",
"updated": "2022-06-09T20:08:43Z",
},
{
"id": "fb2b6454-4336-421a-bc2f-f1d588a78d12",
"name": "bar",
"created": "2022-10-05T06:23:24Z",
"updated": "2022-10-05T18:34:32Z",
}
]
Any help would be greatly appreciated.
Thanks.

Curl - implicit grant

Any chance that I can get this OAUTH system to let me login with curl?
When I make the following call with curl, I keep getting the error message bellow and can't get passed it.
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=authorization_code&response_type=code&client_id=xxx_id_xxx&client_secret=xxx_secret_xxx&redirect_uri=https://www.anaf.ro" "https://logincert.anaf.ro/anaf-oauth2/v1/authorize"
{
"error":"invalid_client",
"error_description":"The client app does not support implicit grant"
}
Thanks,
Chris

Get à 401 Unauthorized when trying to lint my gitlab-ci.yml (version 13.8)

Since monday, I'm not able to use the lint CI API from gitlab, which is documented here https://docs.gitlab.com/ee/api/lint.html#validate-the-ci-yaml-configuration
I'm working on a self hosted gitlab, and we updated gitlab to the last version (13.8.4).
I've noticed that the documentation has changed between 13.8 and 13.9, they mentioned
Access to this endpoint requires authentication.
So I tried to generate a personal access token with full access (I'm admin), but I still get a 401.
Here is my try :
$ curl --header "Content-Type: application/json" --header "PRIVATE-TOKEN: P3r50Na1t0k3N" "https://my-domain.artips.fr/api/v4/ci/lint" --data '{"content": "{ \"image\": \"ruby:2.6\", \"services\": [\"postgres\"], \"before_script\": [\"bundle install\", \"bundle exec rake db:create\"], \"variables\": {\"DB_NAME\": \"postgres\"}, \"types\": [\"test\", \"deploy\", \"notify\"], \"rspec\": { \"script\": \"rake spec\", \"tags\": [\"ruby\", \"postgres\"], \"only\": [\"branches\"]}}"}'
# Result : {"message":"401 Unauthorized"}
# Other try
$ curl -X POST --header "Content-Type: application/json" --header "PRIVATE-TOKEN: P3r50Na1t0k3N" "https:///my-domain.artips.fr/api/v4/ci/lint" --data '{"content": "{ \"image\": \"ruby:2.6\", \"services\": [\"postgres\"], \"before_script\": [\"bundle install\", \"bundle exec rake db:create\"], \"variables\": {\"DB_NAME\": \"postgres\"}, \"types\": [\"test\", \"deploy\", \"notify\"], \"rspec\": { \"script\": \"rake spec\", \"tags\": [\"ruby\", \"postgres\"], \"only\": [\"branches\"]}}"}'
# same result: {"message":"401 Unauthorized"}
Has anyone run into the same problem ?
Thanks in advance
Takeshi

There is an ongoing issue regarding the CI Lint API endpoint. It seems that authentication for this endpoint doesn't work when "signing up" is disabled on on-premise Gitlab instance. I guess the issue will be fixed in future releases.

The user token's scope must grant read/write permission to yout gitlab instance's API (as you may see in the picture). The user hasn't to be admin.

import requests
import urllib.parse
from requests.auth import HTTPBasicAuth
url = 'https://gitlab.example.com/'
api = urllib.parse.urljoin(url, '/api/v4/projects')
private_token = 'xxx'
params = dict(private_token=private_token)
auth = HTTPBasicAuth('username', 'password') # username and password, different from login account, generally provided from ops
response = requests.get(api, params, auth=auth)
print(response)
print(response.json())

How can I use the GitHub Rest API to update a repository that is part of an organization?

I have a large number of GitHub repositories that have been sorted into various organizations. I wish to change the visibility of the repos by batch to public using the following API call:
curl -u {user}:{pat} -H "Accept: application/vnd.github.v3+json" -X PATCH https://api.github.com/repos/{user}/angular.powershifter -d '{"private":false}'
Which as best as I can tell is the API call (see github docs). The {user] and {pat} in the sample above are real values, and the {pat} has every option selected. The {user} is both the owner of the repo and the organization.
What I get in response is is a 404 with the following body.
{
"message": "Not Found",
"documentation_url": "https://docs.github.com/rest/reference/repos#update-a-repository"
}
Is it possible to set the properties of repositories under an organization using the API?
What is the API call?
Bonus points if you can point me to the documentation!
Thanks.

Use Bearer Token based authentication. Github is deprecating password based authentications.
curl \
-H 'Authorization: Bearer ${GITHUB-TOKEN}' \
-X PATCH \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/${OWNER}/${repo} \
-d '{"private":"false"}'
Link for the github documentation
https://docs.github.com/en/free-pro-team#latest/rest/overview/other-authentication-methods

Yes it is possible.
I've had some issues with this too.
Short answer use bearer token (As #shek said), and change false to "false":
curl -v -H "Authorization: Bearer ${GITHUB_TOKEN}"
-X PATCH https://api.github.com/repos/${ORGANIZATION}/${REPO}
-H "Accept: application/vnd.github.v3+json" -d '{"private": "false"}';
Notice that your token has full control of private repositories when creating the token:
full control of private repositories image
The link is quite confusing, because if for example you need to get all the repositories from GitHub you'll have to use:
https://api.github.com/orgs/${ORGANIZATION}/repos?${parameters}
Also when you need to change permissions you'll need to use:
https://api.github.com/orgs/${ORGANIZATION}/teams/${TEAM}/repos/${ORGANIZATION}/${REPO}
(Notice the orgs, which is missing in the PATCH command).
GitHub repositories documentation:
https://docs.github.com/en/rest/reference/repos#update-a-repository
GitHub auth methods (From #shek):
https://docs.github.com/en/free-pro-team#latest/rest/overview/other-authentication-methods

Github API Create Issues return 404 Not found

I am making a request to the below URL-
Post https://api.github.com/repos/kvimal/2048/issues
With my Token as a header for authorization.
The Curl Request
curl -i -X POST https://api.github.com/repos/kvimal/2048/issues -d "{title:'hey'}" -H "Authorization: Bearer xxxxxxxxxxxxxxxxxx" -H "Content-Type: application/json"
And GitHub sends a response 404 Not found. I have reade the Documentation and as far as i have observed i am doing it by the github standards. Can anyone Help with this issues?

As illustrated in this python script, the header should be using 'token' not Bearer'
headers = {
'Content-Type':'application/json',
'Authorization': 'token %s' % token,
}
(That script doesn't use curl, but give an idea of the header)
For curl queries, see this curl POST tutorial:
curl -H "Authorization: token OAUTH-TOKEN"
And the POST message must be complete as well (as in this python script)
issue = {'title': title,
'body': body,
'assignee': assignee,
'milestone': milestone,
'labels': labels}
# Add the issue to our repository
r = session.post(url, json=issue)
(again, not curl, but gives you an example of the body)

Go to "Edit personal access token" page, checkout the "Select scopes" session.
Make sure the token has been granted required access right.
I encountered similar case when trying to create public repo with 'Authorization: token ...' header.