Get gitlab-ci token with gitlab API - gitlab

It's unclear from the API how to get the token that can be used to clone http repositories.
From the documentation here:
http://doc.gitlab.com/ee/ci/api/README.html
It should be possible to GET this url:
http://gitlab.com/ci/api/v1/projects?private_token=QVy1PB7sTxfy4pqfZM1U&url=http://demo.gitlab.com/
I'm not sure where the url parameter is taken from, but even with just my private token, I receive a 404 error page.
I tried with the ci subdomain but it simply redirects me to gitlab.com.
That said, I'll explain a bit more the reason why I need that. I have a server that could have multiple projects. Each project will contain a list of private/public repositories; each project has to be cloned/pulled and whatever regularly. Unlike GitHub, GitLab doesn't provide an OAuth2 token that is sitewide and instead provides a CI token for each project. I could make sure that the user enters the token for each project, but that is way more complicated than entering the private token.
On the other hand, I could generate SSH keys for each user and add the public key to their account, and this way it would be possible to fetch/clone with SSH instead of HTTP. But that is a bit more work on my end than just fetching a token and cloning with a basic auth URL:
git clone https://gitlab-ci-token:token@gitlab.com/project.git

You can find the token by doing the following from gitlab.com
Click on the project you are working on from the starting screen
Click "Settings" on the left hand navigation
Scroll down to the bottom and click "CI / CD" which is nested in Settings
Under the "Runners" section click expand
Token is hidden here.
Took me 10 minutes to find this... not documented anywhere.

According to new Gitlab CI Build Permissions Model, HTTPS is now a requirement to clone all the sources. So that rules out the SSH option.
Now to clone any private repo you can just do:
git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com/<group_name>/<repo>.git
Also, you DON'T need to specify the value for CI_JOB_TOKEN. It is taken automatically. So, just fill in the <group_name> and <repo>.
Also, remember that gitlab.com can be replaced by gitlab.xyz.cloud (your private gitlab enterprise) and this will still work.
Needless to say that you would never actually require the value of CI_JOB_TOKEN
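
Both clone commands above carry the token in the URL, and git records that URL, token included, as the remote's url in .git/config. The following is an added example, not part of the original answers: POSIX shell functions that find and scrub such URLs, and clone with a one-shot credential helper instead. The function names and any paths or tokens used with them are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Print "<config path><TAB><url without credentials>" for every repository
# under directory $1 whose remote URL has the form https://user:secret@host/...
scan_git_configs() {
    find "$1" -type f -path '*/.git/config' | while IFS= read -r cfg; do
        sed -nE 's#^[[:space:]]*url[[:space:]]*=[[:space:]]*(https?://)[^/@:]+:[^/@]+@(.*)$#\1\2#p' "$cfg" |
        while IFS= read -r url; do
            printf '%s\t%s\n' "$cfg" "$url"
        done
    done
}

# Rewrite config file $1 in place so its remote URLs carry no userinfo.
# The file is overwritten through cat so its permissions are preserved.
scrub_git_config() {
    tmp=$(mktemp) || return 1
    sed -E 's#^([[:space:]]*url[[:space:]]*=[[:space:]]*https?://)[^/@]+@#\1#' "$1" > "$tmp" &&
        cat "$tmp" > "$1"
    rm -f "$tmp"
}

# Clone $1 (a URL without credentials) into $2 using CI_JOB_TOKEN.
# "credential.helper=" clears any configured helpers, so nothing stores the
# token; the inline helper reads CI_JOB_TOKEN from the environment when git
# asks for credentials. Options passed with "git -c" apply to this command
# only and are not written to the new repository's .git/config.
clone_with_job_token() {
    git -c credential.helper= \
        -c credential.helper='!f() { echo username=gitlab-ci-token; echo "password=$CI_JOB_TOKEN"; }; f' \
        clone "$1" "$2"
}

# Usage (constructed values):
#   scan_git_configs /builds
#   scrub_git_config /builds/group/repo/.git/config
#   clone_with_job_token https://gitlab.com/<group_name>/<repo>.git repo
```

A token that has already been written to a config file on a shared machine should be treated as exposed even after scrubbing.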

The url to retrieve your token is located under the following path /profile/account.
Or you can just navigate to Profile Settings -> Account
Also make sure you are using the right version of the API. At the time of this response it is currently on v3: /api/v3/projects?private_token={my_private_token}

gitlab-ci-token can be found at [Go to left side panel -> settings -> ci/cd->runners]

I would say to check the type of token you want.
Private token?
Navigate to Profile Settings -> account.
A token can be generated if you want to trigger a new CI/CD pipeline, and this can be done by navigating to Project Settings -> CI/CD pipelines -> Create a token
Also, it is important that you have the right privileges to Git.

Related

GIT uploads - Linux username shows instead of git username

I am using 2 different GitHub accounts to manage 2 different projects. My device is a Pixelbook using the Linux beta terminal for pushing commits. I have the two accounts set up using SSH keys, and there doesn't seem to be a problem there.
When I initially set up the Linux, I set the username as "My-username", which is coincidentally the same username as my GitHub A-account. I looked at the repos on the Github B-account and saw my Linux/A-account listed as the author. The link to the profile is the correct account (as in the link is for github.com/B-Account).
How can I either
A: change the Linux username to something less identifiable
or
B: (preferred) change the author for new commits.
I have seen a few questions on here saying I can change the author with a script or amend command... but I don't think I really care about the existing commits. I just want to make it show the actual GitHub account name as the author instead of my terminal name.
Edit:
The git config --global user.name command shows my full name, and the email is set in the --local for each repo with the appropriate email to the associated account.
I was able to find a solution to my problem!
inside of the .git/config file, I removed the credential.helper = store line that I had previously enabled while using HTTPS connections.
Now my commits are posting with the appropriate account!

securing a Google Apps Script linked to an authorized trigger so others can edit

I am pretty sure my understanding is correct but since I cannot find any Google documentation that explicitly highlights this I wanted to ask here.
Per https://developers.google.com/apps-script/guides/triggers/installable:
Installable triggers always run under the account of the person who created them.
And we know that when you create a trigger it will ask to authorize for all the scopes the script uses.
Then, that means that anyone with edit access to the script could leverage the Google identity of the user used to create the trigger to access the scopes the trigger is authorized for.
For example:
User 1 creates a Google Apps Script that uses GmailApp to send an e-mail
(i.e. GmailApp.sendEmail("one@example.com", "test subject", "email body");)
User 1 creates a trigger to run said script every hour and authorizes it with the appropriate GmailApp scopes
User 1 gives User 2 edit access to said script
Now, User 2 can go into said script and make changes to the code and access User 1's Gmail account. For example, user 2 could change the code to:
var emails = GmailApp.search("search string to find sensitive emails")
// use GmailApp.sendEmail to forward those details to someone else like User 2
All they would have to do is make changes to the code and save; they wouldn't need to re-create the trigger since it already exists. And the next time the trigger runs it would run the newer/updated code.
I was able to confirm this behavior by creating a test script on one of my accounts and giving another account edit access.
So my question is, what is the official/recommended way to mitigate this risk? The obvious answer is to not give anyone else edit access but what if that is not an option -- what if for support purposes multiple people need to be able to access the script, then what?
As you say, the only official/recommended way is to limit editing access to trusted persons.
In your particular example, User 1 could have chosen MailApp instead of GmailApp. The two seemingly redundant services are available separately because MailApp has very limited privileges exposed compared to GmailApp. (For instance, User 2 cannot search the victim's Gmail with the MailApp service.)
You can collaborate while avoiding giving direct access to your script file using clasp and git. Only you push with clasp to the script. Everyone else submits changes through git. You can set up the system to be fully automatic (i.e. a git push triggers a clasp push) or manual (i.e. you review all changes first), but either way you have good records of who did what, when with git.
There's inherent trust when you provide edit access to the script project. You either trust the person or don't trust them. There's no in between.
Some "theoretical" ways you may still protect the data:
Create and use different Google accounts.
Install Triggers at the specific deployment/not at Head:
Possible only if done manually. Installable triggers created programmatically can only be used at Head
When you deploy a web-app/api, you can deploy it at a specific version.
This deployment version can then be provided when you create a new trigger for a project here.
There is no need for a working web-app/api. We're only looking to get a deployment id.
In this way, even if user changes the script, your trigger will only run at the old version deployed.
Deployed versions can be seen at Publish> Deploy from manifest.
As the previous answer states, git would be a better call.
For all practical purposes, any data you share with a malicious entity should be considered compromised.

API issue when editing order in opencart admin

Afternoon all,
I've got an issue when trying to change the status of an order (from pending to complete etc...) in the admin section.
A warning appears saying
Warning: You do not have permission to access the API!
If I add my IP to the API IP address section, it works fine.
The fields are all in red and the continue button doesn't work.
A similar thing happens if I view an order instead and try to add a new status to the order history.
I've seen this problem mentioned a few times in other posts but, afaik, without any satisfactory answer.
I'm using Opencart 2.0.3.1 and I'm logged in as an administrator and the administrator user group has all Access and Modify permissions enabled.
There is the default API user set up in System > Users > API and I also added (and then removed) another one but I was not sure what to do once I had created a new API user with a username and generated password.
There are no other problems on the site but, despite trying just about all the suggestions in the other forum posts, I can't edit the existing orders from the admin section.
Check this page out with a list of fixes for this issue: http://www.randemsystems.com/support/opencart/api-problems-what-you-need-to-know/msg6218/#msg6218
As far as I know, this issue is resolved in OC v2.1x onwards
The problem is that you need an API user with a valid IP address.
Go to System > Users > API.
Either modify the Default API by adding your IP address in the second tab, or just create a new API.
After that you should make sure the API is selected in System > Settings > Edit > Option > API User.
Click save, refresh and try adding order history again.
I tried the same thing and didn’t have permission to access the API when attempting to add order history. Follow the steps and it should work for you, as it worked for me.
I know it's late, but after trying everything and not getting it working, I deleted everything here /system/storage/cache. It solved the problem.
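It works perfectly for me.
1- Open index.php file of root directory
2- add the following after define('version',x.x.x.x);
// Behind Cloudflare, REMOTE_ADDR holds the proxy's address; use the forwarded client IP.
// This trusts the header as sent, so it assumes the server is reachable only through Cloudflare.
if (!empty($_SERVER["HTTP_CF_CONNECTING_IP"]))
{
    $_SERVER["REMOTE_ADDR"] = $_SERVER["HTTP_CF_CONNECTING_IP"];
}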

Create an issue WITH labels via GitHub API

I am trying to add an issue to a GitHub repository via the GitHub API. I use OAuth with a scope of user,repo,gist. The issue gets created just fine, but the labels are silently dropped.
I read on the GitHub website:
"Only users with push access can set labels for new issues. Labels are
silently dropped otherwise."
So my question is this: What is push access? Do I need to add something to my scope to allow a user to do this?
I assume you need to be authenticated as a user that is allowed to push (as in git push) to the repository. That means, either the repository owner or a collaborator ("Settings" >> "Collaborators").
I just stumbled across this while looking for a simple URL-way to add labels to issues.
Turns out there is something: it's labels=!
So on a new issue where it's the first param that'd be:
https://github.com/github/issue-labeler/issues/new?labels=bug,enhancement
Otherwise &labels=...
This also works if you don't have any push access!
Of course nonexistent labels are also silently dropped and this does not yet submit the issue. I'm sorry if it does not apply.

Cloud Foundry eclipse integration error Message

I've installed my CF on http://paas.azure4j.us
Now I want to use an Eclipse plugin for CF, but when I add my CF server an error occurred. It said
The currently selected server type does not support remote hosts
But it works when I test it to api.vcap.me / my local CF.
Any solution?
This looks like a similar issue addressed in a git change;
https://github.com/SpringSource/eclipse-integration-cloudfoundry/pull/2
I am not really an Eclipse user, so this is a bit of a stab in the dark!
I think Dan is correct here. At the moment you create your Cloud Foundry connection against 'localhost' (which doesn't make much sense from an Eclipse point-of-view) and in the new panel you specify your actual API target, username, password etc. Is that what you are doing?
I was able to connect to your Cloud Foundry instance without any problem using STS. First I used vmc to register for an account. Once I registered an account, I went to STS and on the server tab I right-clicked, and chose Cloud Foundry from my vmware folder.
When you choose the Cloud Foundry option on the server tab, keep the Server's host name the same (which is localhost). Give a name to your Server Name and keep the Server runtime environment the same as well. Click Next to move to the next screen. On the next screen you should see Email, Password and URL. Email and password are pretty straight forward and those should be your information which you registered with your Cloud Foundry instance. For the URL section, click on the Manage Cloud... button and then the Add... button. You should get a window popup which have Name and URL. For name put whatever name you want and for URL put in "http://paas.azure4j.us", then click on Finish. Now you have your custom Cloud URL added to the list so go ahead and click on the OK button again. Now you should be on the New Server window where you have the Email, Password and URL options. For the URL option go ahead and choose the newly added url you just created and then click on "Validate Account" to see if everything is validated. You should get a "Account information is valid" message. then click on Next and continue with the wizard until you are done and you have your Cloud Foundry instance added to your servers list.
Again I have performed the same exact steps I mentioned above and I was able to have your Cloud Foundry instance added to my servers tab.
I've done this issue, so I edit my cloud_controller.yml and uaa.yml on
~/cloudfoundry/.deployment/devbox/config
Then change uaa uri at http://uaa.cloudfoundry.com to http://paas.azure4j.us:8080/ to redirect it to own uaa.
Thanks for all solutions :))
