I would like to add a new version of a secret via GCP REST API.
Sadly the docs are pretty bland for REST and not even the URLs are spelled out.
I get a response for:
curl -H "authorization: Bearer $(gcloud auth print-access-token)" 'https://secretmanager.googleapis.com/v1beta1/projects/myproject/secrets/foo'
but only 404 for:
curl -H "authorization: Bearer $(gcloud auth print-access-token)" -H 'content-type: application/json' -d '{"payload":{"data":"foo"}}' 'https://secretmanager.googleapis.com/v1beta1/projects/myproject/secrets/foo/addVersion'
Also tried other permutations.
Can anyone tell me how to construct the REST call to add a new version?
Under the Adding a secret version section of the documentation, you can click on the "API" tab and see:
$ curl "https://secretmanager.googleapis.com/v1/projects/PROJECT_ID/secrets/SECRET_ID:addVersion" \
--request "POST" \
--header "authorization: Bearer $(gcloud auth print-access-token)" \
--header "content-type: application/json" \
--header "x-goog-user-project: project-id" \
--data "{\"payload\": {\"data\": \"${SECRET_DATA}\"}}"
Where:
PROJECT_ID is your GCP project ID
SECRET_ID is the name of the secret for which you want to add a version
SECRET_DATA is the base64-encoded secret.
If you pop out the API Explorer, it starts showing you the actual URL. So it is:
https://secretmanager.googleapis.com/v1beta1/projects/myproject/secrets/foo:addVersion
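The two points from the answers above (the colon-style custom method in the URL and the base64-encoded `payload.data`) as an added shell example that is not part of the original posts. The function names `sm_url`, `sm_body` and `sm_add_version` are illustrative assumptions; `curl`, `gcloud` and coreutils `base64` are assumed to be installed.

```shell
#!/bin/sh
# Added example: helper names are illustrative, not from Google's docs.
SM_HOST='https://secretmanager.googleapis.com'

# Custom methods attach to the resource name with a colon, not a slash:
#   .../secrets/foo:addVersion   (works)
#   .../secrets/foo/addVersion   (404, as in the question)
sm_url() {  # usage: sm_url API_VERSION PROJECT_ID SECRET_ID
    case "$2$3" in
        */*|*:*) echo "project and secret IDs must not contain / or :" >&2
                 return 1 ;;
    esac
    printf '%s/%s/projects/%s/secrets/%s:addVersion\n' "$SM_HOST" "$1" "$2" "$3"
}

# payload.data is the base64 of the raw secret bytes. base64(1) wraps its
# output at 76 columns, so strip the newlines to keep the JSON string intact.
# The secret is read from stdin rather than passed as an argument.
sm_body() {
    printf '{"payload":{"data":"%s"}}\n' "$(base64 | tr -d '\n')"
}

# usage: printf '%s' "$SECRET" | sm_add_version PROJECT_ID SECRET_ID
sm_add_version() {
    url=$(sm_url v1 "$1" "$2") || return 1
    sm_body | curl --silent --show-error --fail --request POST \
        --header "authorization: Bearer $(gcloud auth print-access-token)" \
        --header 'content-type: application/json' \
        --data-binary @- "$url"
}
```
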
I'm trying to get an access token using the authorization code flow. I'm using authorization_code as the grant type.
Following documentation at Django OAuth
Here's my code that's making the post request:
curl --location --request POST 'http://127.0.0.1:8000/o/token/' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Cache-Control: no-cache' \
--header 'Accept: application/json' \
--data-urlencode 'client_id=ngta3GGa3jP6Rmv5Tspj97Bk4aiitHgv1EQilCDS' \
--data-urlencode 'client_secret=zLwMyuXg7WCSFwUDYBxFP3QxHh5mF6xM2hBsKyvRbypac5lV7fl2NoFeeDG3afWWxLedA7qtzD2Mvf68qyBra3A4iUXXlDXJO4LvxuZv4UULU6NLWlObpD0ylQSXbwZD' \
--data-urlencode 'code=q4NfBMbyTNbcIQZ4j7SfgMWL898psv' \
--data-urlencode 'redirect_uri=http://localhost:8000/no/callback/' \
--data-urlencode 'code_verifier=b'\''SlJDWEgyRzNYMks0RTVQVDlRVkFaOFdDUkxHV1A3QURMTjNITFdaMTBLU0tWQkkzMUVWVEZFU0k='\''' \
--data-urlencode 'grant_type=authorization_code'
I'm expecting to get an access token when I make the post request, but I'm getting this error:
{
"error": "invalid_grant"
}
The grant is valid, i.e. not expired. Server time is in sync with machine time. Expiry time is 5 minutes, but it doesn't work even before it's expired.
I created an API with AppSync. Now I want to call it with curl, and I get the following error: You are not authorized to make this call.
I guessed the following:
curl -g -X POST -H "Content-Type: application/json" -H "Authorization: Bearer da2-XXXXXXXXXXXXXXXXXXXXXXXXXX" -d '{"query":"listMyModelTypes{listMyModelTypes {items {id title}}}"}' https://wuw4mcnvautpl4v5ox33fdzoq.appsync-api.us-east-1.amazonaws.com/graphql
Or should I also include the API ID somewhere in the query?
Making an Appsync query via CURL or Postman depends on getting the request body and headers right. The required headers depend on auth type.
# common variables
API_URL='https://<APPSYNC-ID>.appsync-api.eu-west-1.amazonaws.com/graphql'
QUERY='query GetImages($t: String!) { images(topic:$t) { edges { cursor } } }'
VARIABLES='{"t":"cats"}' # no spaces!
API Key Auth: x-api-key header
API_KEY='da2-XXXXXXXXXXXXXXXXXXXXXXXXXX'
curl -s -XPOST -H "Content-Type:application/graphql" -H "x-api-key:$API_KEY" -d '{"query": "'"$QUERY"'", "variables": '$VARIABLES'}' $API_URL
Token-based Auth (e.g. Cognito): Authorization and host headers
TOKEN='<YOUR JWT AUTH TOKEN HERE>'
HOST='<APPSYNC-ID>.appsync-api.eu-west-1.amazonaws.com'
curl -s -XPOST -H "Content-Type:application/graphql" -H "Authorization:$TOKEN" -H "host:$HOST" -d '{"query": "'"$QUERY"'", "variables": '$VARIABLES'}' $API_URL
I have generated the presigned URL for a GET request using the same algorithm mentioned in the AWS documentation.
This is working.
But when I Post/Put the data the signature mismatch error is present.
Below is a sample curl:
curl --location --request POST 'https://<bucket_name>.s3.ap-south-1.amazonaws.com/testFolder/testing1.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=<access_key_id>%2F20211006%2Fap-south-1%2Fs3%2Faws4_request&X-Amz-Date=20211006T113405Z&X-Amz-Expires=3000&X-Amz-SignedHeaders=content-type%3Bhost%3Bx-amz-content-sha256%3Bx-amz-date&X-Amz-Signature=' \
--header 'x-amz-content-sha256: UNSIGNED-PAYLOAD' \
--header 'x-amz-date: 20211006T113405Z' \
--header 'Content-Type: text/plain'
We have a bucket in Google Cloud Platform to manage pictures.
I am trying to upload a picture to it using Curl.
According to the official documentation linked here, this is the curl command I used:
curl -X POST --data-binary @cat.jpeg \
-H "Authorization: Bearer A_STRING_SUPPOSED_TO_BE_A_KEY" \
-H "Content-Type: image/jpeg" \
"https://storage.googleapis.com/upload/storage/v1/b/upload_zone/o?uploadType=media&name=cat"
This is the answer we get:
{
"error": {
"code": 401,
"message": "Invalid Credentials",
"errors": [
{
"message": "Invalid Credentials",
"domain": "global",
"reason": "authError",
"locationType": "header",
"location": "Authorization"
}
]
}
}
It seems our key is invalid, we are not sure what to use as Authorization key. Where can we find the OAUTH2.0-key required to make use of the Google Cloud Platform Bucket, do we need to generate it somewhere?
Edit:
We have generated a key using the OAuth 2.0-Playground, and it worked! But the key expires every 3000 seconds...
If you are already authenticated to Google using the gcloud sdk, you can get the key like this:
-H "Authorization: Bearer $(gcloud auth print-access-token)"
So, using your example above, this should work:
curl -X POST --data-binary @cat.jpeg \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: image/jpeg" \
"https://storage.googleapis.com/upload/storage/v1/b/upload_zone/o?uploadType=media&name=cat"
I have been using Google's SDKs to perform API calls such as creating a service account, creating service account keys, getting the storage buckets, etc. Recently I'm unable to create a service account due to the below error.
Request:
curl --location --request POST 'https://iam.googleapis.com/v1/projects/myproject/serviceAccounts' \
--header 'Authorization: Bearer <<token>>' \
--header 'Accept-Encoding: gzip' \
--header 'User-Agent: my test Google-API-Java-Client'
c.g.a.c.g.j.GoogleJsonResponseException: 404 Not Found
{
"code" : 404,
"errors" : [ {
"domain" : "global",
"message" : "Not found; Gaia id not found for email xxxxx@myproject.iam.gserviceaccount.com",
"reason" : "notFound"
} ],
"message" : "Not found; Gaia id not found for email xxxxx@myproject.iam.gserviceaccount.com",
"status" : "NOT_FOUND"
}
Why would I require Gaia id while creating service account? Where can I find this id? Any help is appreciated!!
Did you ever remove the service account 'xxxxx@myproject.iam.gserviceaccount.com', which should be the default service account for the IAM API? You can recover it within 30 days after the deletion, or just disable it and re-enable it, which will recreate the default service account for you. Let me know if it resolved the issue.
It seems that your request needs to have a body
The request body contains data with the following structure:
{
"accountId": string,
"serviceAccount": {
object (ServiceAccount)
}
}
And it is missing in your command.
You can obtain more information in this documentation.
In your case it should be something like:
curl --request POST \
'https://iam.googleapis.com/v1/projects/my-little-project/serviceAccounts?key=[YOUR_API_KEY]' \
--header 'Authorization: Bearer [YOUR_ACCESS_TOKEN]' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{"accountId":"sa-test","serviceAccount":{"description":"sa-description-test","displayName":"sa-display-testonly"}}' \
--compressed
You can test this API directly in the following link
Also, I have found a similar error in this Stack Overflow case; according to this answer, this error could be generated if the APIs are not enabled.