Custom SonarQube admin user using puppet - puppet

I'm trying to configure a SonarQube server using Puppet.
My Puppet manifests install the software, deploy my custom sonar.properties, deploy SSL certificates, download and configure a few plugins and, finally, start the service.
The goal is to configure and reconfigure SonarQube automatically.
During my postconfig step, I launch a Puppet exec with this SQL to set my own password for the admin user.
"UPDATE users SET crypted_password='***********************************', salt='*******************************' where login='admin'"
How can I calculate the crypted_password and salt values for my password? (Nowadays I use a fake Sonar to change the admin pass and look at the value in the DB.)
In pseudocode, something like this...
crypted_password=crypt('pass')
Where crypt is
function crypt (anypass)
{
........
}
Thanks.

In the sonar-server's ruby source there is a ruby file for authentication by password: by_password.rb. Here you can see how Sonar encrypts passwords:
def password_digest(password, salt)
  digest = REST_AUTH_SITE_KEY
  REST_AUTH_DIGEST_STRETCHES.times do
    digest = secure_digest(digest, salt, password, REST_AUTH_SITE_KEY)
  end
  digest
end
secure_digest is defined as:
def secure_digest(*args)
  Digest::SHA1.hexdigest(args.flatten.join('--'))
end
So the encrypted password is the SHA1 of digest--salt--password--REST_AUTH_SITE_KEY repeated REST_AUTH_DIGEST_STRETCHES times. The values of REST_AUTH_SITE_KEY and REST_AUTH_DIGEST_STRETCHES are set in /web/WEB-INF/config/initializers/site_keys.rb and are empty string and 1 by default.
This is one way of achieving your goal. In my opinion a much better way is by creating a user via Sonar's REST API. However unfortunately it doesn't seem possible at the time (v4.1.2) to add a user to a group via the REST API.
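The calculation described in the answer above, as an added Ruby example (not part of the original posts and not SonarQube's own code): it reproduces password_digest with the default site key and stretch count, generates a salt, and renders the UPDATE from the question. The 40-hex-character salt format, the helper names new_salt, admin_credentials and update_sql, and the SONAR_ADMIN_PASS variable are assumptions.

```ruby
require 'digest/sha1'
require 'securerandom'

# Defaults the answer quotes for site_keys.rb: empty key, one stretch.
REST_AUTH_SITE_KEY = ''
REST_AUTH_DIGEST_STRETCHES = 1
HEX40 = /\A\h{40}\z/

def secure_digest(*args)
  Digest::SHA1.hexdigest(args.flatten.join('--'))
end

# Same loop as the answer's password_digest, with key and stretches
# overridable for installations that changed site_keys.rb.
def password_digest(password, salt, site_key: REST_AUTH_SITE_KEY,
                    stretches: REST_AUTH_DIGEST_STRETCHES)
  digest = site_key
  stretches.times { digest = secure_digest(digest, salt, password, site_key) }
  digest
end

# Assumption: any random 40-hex-character string is acceptable as a salt.
def new_salt
  SecureRandom.hex(20)
end

# Returns the two column values for a given plaintext password.
def admin_credentials(password, salt = new_salt)
  { salt: salt, crypted_password: password_digest(password, salt) }
end

# Renders the UPDATE from the question. Both values must be exactly 40 hex
# characters, so nothing else can reach the SQL string.
def update_sql(creds, login = 'admin')
  raise ArgumentError, 'login must be alphanumeric' unless /\A\w+\z/.match?(login)
  [creds[:salt], creds[:crypted_password]].each do |v|
    raise ArgumentError, 'expected 40 hex chars' unless HEX40.match?(v.to_s)
  end
  "UPDATE users SET crypted_password='#{creds[:crypted_password]}', " \
    "salt='#{creds[:salt]}' WHERE login='#{login}'"
end

# SONAR_ADMIN_PASS is a hypothetical variable; the fallback is a constructed sample.
if __FILE__ == $PROGRAM_NAME
  puts update_sql(admin_credentials(ENV.fetch('SONAR_ADMIN_PASS', 'constructed-sample-pass')))
end
```

Only the digest and salt need to appear in the Puppet manifest; the plaintext password stays out of it.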

Related

Is installing a local node necessary to create a wallet on test/main net?

I want to be able to create wallets on the Waves blockchain using their API.
According to this
https://nodes-testnet.wavesnodes.com/api-docs/index.html#/addresses/createWalletAddress
I need to send an API key in my request header. I looked into how I can obtain this API key, and in the docs here are the steps:
Set API Key
To set API key, you need to generate API key hash and then use it in your node configuration.
Create unique string value that you will use as API key.
Go to Swagger web interface.
Open the /utils/hash/secure API method and input your unique string in the message field.
Click Execute to get the hashed API key.
Use the hashed API key as the value of the api-key-hash parameter in your node configuration file.
Restart your node.
It says
Use the hashed API key as the value of the api-key-hash parameter in your node configuration file.
I'm very confused. I thought using testnet means that I don't have to install a local node.
Maybe I'm wrong?!
Use this package:
https://www.npmjs.com/package/@waves/waves-api
You need to create a seed phrase, and using the seed you can create the address and public & private keys. Here is a shortcut to create all:
const WavesAPI = require('@waves/waves-api');
const Waves = WavesAPI.create(WavesAPI.TESTNET_CONFIG);
const seed = Waves.Seed.create();
console.log(seed);

How can you update gitlab users after changing LDAP OU

I'm currently playing around with gitlab-ce (omnibus, on an Ubuntu VM) in an environment with LDAP authentication.
The LDAP administrator recently reconfigured the OUs from something like
ou=temp, ou=users, ou=baseinfrastructure to
ou=users, ou=baseinfrastructure.
Now when I do something as simple as git pull with a regular user account, that user account will be set to ldap_blocked since gitlab queries for the user with the temp part in the cn string and obviously doesn't find it.
Is there a way to update the users or something else so gitlab no longer queries with the ou=temp, part?
After some searching, I found out the information is stored in the identities table.
In gitlab omnibus, you can start a database console using gitlab-psql.
In my case, the required query for verifying I'm doing the right thing was:
SELECT external_uid, replace(external_uid, 'ou=temp,', '') FROM identities;
and then actually replacing them by executing:
UPDATE identities SET external_uid = replace(external_uid, 'ou=temp,', '');
For a single user you can use the gitlab-rails console.
Find your user:
user = User.find_by_email("user@email")
Get the user's extern_uid:
user.ldap_identity.extern_uid
The above should print a result similar to: => "uid=username,ou=people,dc=example,dc=com"
Update values as necessary:
user.ldap_identity.extern_uid = "uid=newusername,ou=newpeople,dc=example,dc=com"
Verify:
user.ldap_identity.extern_uid
=> "uid=newusername,ou=newpeople,dc=example,dc=com"
And finally save:
user.save
I believe this script, "Gitlab rake task to mass update ldap dn", may be useful for updating multiple users at once.
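A dry run of the DN rewrite discussed in the answers above, as an added Ruby example (not part of the original posts and not GitLab code): it removes ou=temp only where it is a whole DN component, compares case-insensitively, and returns an old-to-new mapping to review before anything is written. The helper names and the sample DNs are constructed for illustration.

```ruby
# Split a DN into components on commas that are not preceded by a backslash.
def split_dn(dn)
  dn.split(/(?<!\\),/)
end

# Canonical form used only for comparison: trimmed, lower-case, no spaces
# around "=".
def normalize_rdn(rdn)
  rdn.strip.downcase.gsub(/\s*=\s*/, '=')
end

# Drop every component equal to rdn; all other components keep their
# original spelling and spacing.
def drop_rdn(dn, rdn)
  target = normalize_rdn(rdn)
  split_dn(dn).reject { |part| normalize_rdn(part) == target }.join(',')
end

# Returns { old_dn => new_dn } for the entries that would change.
def plan_rewrite(extern_uids, rdn)
  extern_uids.each_with_object({}) do |dn, plan|
    new_dn = drop_rdn(dn, rdn)
    plan[dn] = new_dn unless new_dn == dn
  end
end

# Constructed sample values in the shape the question describes.
SAMPLE_EXTERN_UIDS = [
  'uid=alice,ou=temp,ou=users,ou=baseinfrastructure',
  'uid=bob,OU=Temp,ou=users,ou=baseinfrastructure',
  'uid=carol, ou=temp, ou=users, ou=baseinfrastructure',
  'uid=dave,ou=users,ou=baseinfrastructure'
].freeze

if __FILE__ == $PROGRAM_NAME
  plan_rewrite(SAMPLE_EXTERN_UIDS, 'ou=temp').each do |old_dn, new_dn|
    puts "#{old_dn} -> #{new_dn}"
  end
end
```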

Using environment variables in Karate DSL testing

I'd like to incorporate GitLab CI into my Karate testing. I'd like to loop through my tests with different user names and passwords to ensure our API endpoints are responding correctly to different users.
With that in mind, I'd like to be able to store the usernames and passwords as secure environment variables in GitLab (rather than in the karate-config as plain text) and have Karate pull them as needed from either the karate-config or the feature files.
Looking through the docs and StackOverflow questions, I haven't seen an example where it's being done.
Updating with new information
In regard to Peter's comment below, which is what I need, I am trying to set it up as follows:
set client id in karate-config:
var client_id = java.lang.System.getenv('client_id');
in the actual config object:
clientId: client_id
In my feature file tried to access it:
* def client_id = clientId
It still comes through as null, unfortunately.
You can read environment variables in karate using karate.properties,
eg,
karate.properties['java.home']
If this helps you to read the environment variables that you are keeping securely on your gitlab, then you can use it in your karate-config for authentication.
But your config and environment variable will look cumbersome if you are having too many users.
If you want to run a few features with multiple users, I would suggest you look into this post,
Can we loop feature files and execute using multiple login users in karate
EDIT:
Using java interop as suggested by peter:
var systemPath = java.lang.System.getenv('PATH');
To see which variables are actually exposed, try:
var evars= java.lang.System.getenv();
karate.log(evars);
and see the list of all environment variables.

Selenium WebDriver: Login to a website

Is there a way to log in to a website without writing the actual password in the code? For example, I created a function to log in:
var isAlreadyLogIn = false;
function LogIn (userId, password) {
  if (!isAlreadyLogIn) {
    driver.findElement(By.xpath("//*[@id='Email']")).sendKeys(userId);
    driver.findElement(By.xpath("//*[@id='Password']")).sendKeys(password);
    driver.findElement(By.xpath("//input[@value='Login']")).click();
    isAlreadyLogIn = true;
  }
}
it('Should login', function(done) {
  LogIn("username", "password");
});
Your code will need access to the credentials. I think the most common way to solve this is to put the credentials into a config file and read it from there. If you don't want the passwords to be included with the code, you can just not commit the config file to the repository, but share it by different means. Alternatively, you could pass the username and password as command-line arguments to your tests.
Here are NodeJS examples of how to store the credentials in different ways. The examples are for databases, but the idea is the same.
One option is to use environment variables to store the username and password. This is what is recommended by SauceLabs. They have a best practices page that contains more details on how to create the environment variables, etc.
https://wiki.saucelabs.com/display/DOCS/Best+Practice%3A+Use+Environment+Variables+for+Authentication+Credentials
If you are using Maven, an option is using profiles and overriding system properties.
<profile>
  <id>QA</id>
  <properties>
    <runUrl>http://qaenvironment.com </runUrl>
    <admin.username>admin</admin.username>
    <admin.password>adminpass</admin.password>
    <noadmin.username>noadmin</noadmin.username>
    <noadmin.password>qwerty123</noadmin.password>
  </properties>
</profile>
Run the execution with the QA profile, for example, and use that in the Java code:
driver.findElement(By.xpath("//*[@id='Email']")).sendKeys(System.getProperty("admin.username"));
driver.findElement(By.xpath("//*[@id='Password']")).sendKeys(System.getProperty("admin.password"));

How to hide password from jenkins shell output

I have two scripts: the first is on the file system, the second is in a Jenkins job.
The second script calls the first and passes parameters to it.
The parameters include a password parameter.
How can I hide the password in the logs?
I have tried to hide the output by using the exec command, but the problem wasn't solved.
The Mask Passwords plugin does just that.
Please find below my findings with solution [without using Mask Passwords plugin]:
Brief Description about my jenkins job:
I wrote a job which downloads the artifacts from Nexus based on the parameters given at run-time, then makes a database SQL connection and deploys the SQL scripts using the Maven Flyway plugin. My job takes Environment, Database Schema, Artifact version number, Flyway command, Database User and its password as input parameters.
Brief Background about problem:
While passing the PASSWORD as MAVEN GOAL (Parameter), it was coming in the Jenkins console as plain text.
Although I was using "Password Parameter" to pass the password at run-time, it was still coming as plain text in the console.
I tried to use the "secret text" to encrypt the password, but then my job started failing because the encrypted password was getting passed to the Maven goals, which were not able to connect to the DB.
Solution:
I used "Inject passwords to the build as environment variables" from Build Environment and defined its value as my "password parameter" (my password parameter name was db_password), which I am passing as a parameter at run-time (e.g. I defined my inject password value as: ${db_password}).
And this is working as expected. The password which I am passing while running my job is coming as [*******]
[console log:
Executing Maven: -B -f /work/jenkins_data/workspace/S2/database-deployment-via-flyway-EDOS/pom.xml clean compile -Ddb=UAT_cms_core -DdatabaseSchema=cms-core -Dmode=info -DdeploymentVersion=1.2.9 -Ddb_user=DB_USER -Ddb_password=[*******]
]

Resources