How to retrieve kubectl config value from Dex server configured with LDAP using curl command? - kubectl

We have multiple Kubernetes clusters across our company. To get the kubectl config content we use Dex to login and copy/paste the content to our local confi for kubectl.
I want to make this automated and so run a bunch of command to get the content using curl.
I couldn't work out how by checking the requests responses. Please help me if anyone knows how.


I found how to do it. So we need to make two calls. First one retrieves the login page in which we can grab the request id:
the_id=$(curl -s -v -L "https://login.${cluster}" | grep -Po 'action="(.*)"')
The above searches in the response for attribute action= where it tells you where to submit the request
Then use the_id in the next call:
konfig=$(curl --insecure POST -H 'Content-Type: application/x-www-form-urlencoded' -d "login=$username&password=$password" -v -L "${cluster}${the_id}" | grep -Pzo '(?s)id=".*?</')
This command will return a HTML page in which you can find the config. Obviously for you it can be different response but fetching the request id from the first call is the key that I missed to begin with.

Related

How to check for Jupyter active notebooks through command line

I have an AWS EMR running Jupyterhub version 0.8.1+ that I want to check if there are any active notebooks that are running any code.
I've tried the below commands but they don't seem to output what I'm looking for here since the users server is always running and notebooks can be running without any code being executed.
# only lists running servers and jovyan is always running.
sudo docker exec jupyterhub jupyter notebook list
# No useful information outputted
curl -k -i -H "Accept: application/json" "https://localhost:9443/api/sessions"
# always lists processes regardless of running notebooks
ps aux | grep ipykernel
# The last_activity only updates when a user creates a new file or folder in the ui.
curl -k https://localhost:9443/hub/api/users/$user -H "Authorization: token $admin_token" | jq -r .last_activity
curl -k https://localhost:9443/hub/api/users -H "Authorization: token $admin_token" | jq -r .last_activity
Im following this AWS blog to check if the entire EMR is idle before terminating the cluster but they never seemed to have fully implemented the jupyter checks.
https://aws.amazon.com/blogs/big-data/optimize-amazon-emr-costs-with-idle-checks-and-automatic-resource-termination-using-advanced-amazon-cloudwatch-metrics-and-aws-lambda/
Most of the files referenced can be found in Github https://github.com/septian-putra/emr-monitoring

To see if a notebook is "idle" for "busy" you can run curl -ks https://localhost:9443/user/jovyan/api/kernels -H "Authorization: token ${admin_token}"
With this command all you need to do is put it in a simple if statement with a grep -q in order to get a true false idle value.
if [ $(curl -ks https://localhost:9443/user/jovyan/api/kernels -H "Authorization: token ${admin_token}" | grep -q "busy") ]; then
JUPYTER_BUSY_NOTEBOOKS=1
else
JUPYTER_BUSY_NOTEBOOKS=0
fi
(curl -ks For a silent output and to ignore ssl. jovyan being my admin user)
Documentation
https://jupyter-kernel-gateway.readthedocs.io/en/latest/websocket-mode.html#http-resources
/api/sessions might also be useful to look at.

wso2 mutual ssl curl command APIM 3.2.0

I tried setup ALLINONE in my local, followed the documentation https://apim.docs.wso2.com/en/latest/learn/api-security/api-authentication/secure-apis-using-mutual-ssl/
it worked, but what will be the curl command for request because the document talks about testing only through postman

You can use the following curl commands when you want to use the header-based approach.
curl -X GET -H "X-WSO2-CLIENT-CERTIFICATE: (Base64 encoded public cert)" "https://localhost:8243/mock/v1" -v
curl -X GET -H "X-WSO2-CLIENT-CERTIFICATE: (Base64 encoded public cert)" "http://localhost:8280/mock/v1" -v
In order to work this, you need to add the following configuration to the deployment.toml in wso2am-3.2.0/repository/conf location.
[apimgt.mutual_ssl]
enable_client_validation = false
You can use the following curl commands if you are using the cert and key.
curl -k --cert int.ext.wso2.com.crt --key int.ext.wso2.com.key -X GET "https://localhost:8243/mock/v1" -v

How to connect to AWS simple AD using ldapsearch?

I've created a simple AD on AWS and I'm trying to connect to it using the Administrator credentials set up while creating the simple AD. I'm running the ldapsearch command from another EC2 instance in the same subnet. However I"m running into an authentication error and I'm pretty sure it's not the password, as I've tried changing it multiple time with no luck.
Below is the ldapsearch command I'm using.
$ldapsearch -x -v -h "10.*.*.112" -b "dc=corp-testing,dc=example,dc=com" –D "Administrator#corp-testing.example.com" -W sAMAccountName=Administrator
Below is the output:
ldap_initialize( ldap://10.*.*.112 )
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
Would someone be able to point out the issue on this?

I ran into the same issue and I have found the solution, the username needs to be prefixed with the Directory NetBIOS name (this is available from the Directory details page), then login with:
ldapsearch -x \
-h 10.*.*.112 \
-b "cn=Users,dc=corp-testing,dc=example,dc=com" \
–D "${NetBIOSNAME}\\Administrator" \
-W sAMAccountName=Administrator
Obviously, change ${NetBIOSNAME} to the appropriate value.

Okay I figured it out, however I don't know the WHY. Try changing your search to:
ldapsearch -x -v -H "ldap://10.*.*.112:389/" -b "dc=corp-testing,dc=example,dc=com" –D "cn=Administrator,dc=corp-testing,dc=example,dc=com" -W sAMAccountName=Administrator
I tried this several times without the trailing / on the URI but it didn't work.

Problem was that the Administrator is inside of the Users node, so -D should include cn=Users also:
ldapsearch -x -v -h "10.*.*.112" -b "dc=corp-testing,dc=example,dc=com" –D "cn=Administrator,cn=Users,dc=corp-testing,dc=example,dc=com" -W sAMAccountName=Administrator

SonarQube 6.5 web api logout not behaving as expected?

We are trying to use sonarqube webapi and as part of prototyping I was testing the authentication apis using cURL .
The session is not getting deactivated after calling logout , and when I call a service again with a logged out cookie, it is getting authorized successfully.
Following are the steps I followed
Login
curl -v -c cookies.txt POST -d "login=admin&password=admin" http://sonar:9919/api/authentication/login
Do a user token search (which needs authorization) with the cookie
curl -b cookies.txt http://sonar:9919/api/user_tokens/search
This is successfull and returns
{"login":"admin","userTokens":[{"name":"arunvg","createdAt":"2017-10-11T15:03:18+0400"}]}
Logout
curl -v -b cookies.txt POST http://sonar:9919/api/authentication/logout
Repeat Step 2, was expecting an error message like
{"errors":[{"msg":"Authentication is required"}]}
but the call got successful and with same result in Step 2
Am I missing something here ? Any hints ?

curl email with attachment

I'am trying to send an E-mail with the following command via curl
curl smtp://smtp.live.com:25 -v --mail-from \"***#hotmail.com\" --mail-rcpt \"***#hotmail.com\" --ssl -u **#hotmail.com:*** -T \"oke\" -k --anyauth"
everything is working fine, I get the email. The only thing I want to change is, that the file "oke" is attached to the email. The command above sends me the data inside the email, but I want the file.
How can I attach the file to the email ?