I managed to install cf on aws ec2 followingthe guide http://docs.cloudfoundry.com/docs/running/deploying-cf/ec2/
after some tryes, It seens that all be good with curl api.subdomain.domain/info
returning as expected.
Then I went to the next step, creating a user with this guide: http://docs.cloudfoundry.com/docs/running/managing-cf/managing-users.html
1 - executed:
uaac target uaa.[your-domain].com
got as response:
Context: admin, from client admin
2 - executed:
uaac token client get admin -s [admin-cliente-secret}
got:
Context: admin, from client admin
When i try to execute
uaac user add [test-user] -p [test-password] --emails [testemail]
I getting:
error response:
{
"error": "access_denied",
"error_description": "Access is denied"
}
*Note that the brackets hold valid values
How can I fetch some info about this error, debug it in some way, or find out wath is wrong?
I guess it might be a configuration problem.
Config your UAA configuration file like this.
https://groups.google.com/a/cloudfoundry.org/forum/#!starred/vcap-dev/y_qcaCczSVw
https://groups.google.com/a/cloudfoundry.org/forum/#!topic/vcap-dev/eaH4c2OmDEQ
Related
I just installed SnowSQL on windows OS. but getting error while login with default username and password in snowFlake
PS C:\> snowsql -a sfc-repo -u username
Password:
250001 (08001): Failed to connect to DB. Verify the account name is correct: sfc-repo.snowflakecomputing.com:443. HTTP 403: Forbidden
If the error message is unclear, enable logging using -o log_level=DEBUG and see the log to find out the cause. Contact support for further help.
Goodbye!
The "sfc-repo" is supposed to be your Snowflake account name. The documentation below has some examples:
https://docs.snowflake.com/en/user-guide/getting-started-tutorial-log-in.html
When I use
aws-vault exec --no-session --debug role_name
I get:
2020/06/09 13:57:13 [keyring] Found item "aws-vault (default)"
aws-vault: error: exec: Failed to get credentials for role_name: InvalidClientTokenId: The security token included in the request is invalid.
status code: 403, request id: 05bf31bd-091e-4f18-83c5-7add3e1bccb8
First of all I thought about incorrect password, but when tried to put an incorrect password purposely, Mac Os ask again for the correct password.
I have the ~/.aws/config and ~/.aws/credentials with the correct setup.
Had the same error after rotating AWS credentials.
Deleted ~/Library/Keychains/aws-vault.keychain-db and executed aws-vault add default which created a new keychain and aws-vault started working again.
If you are on MacOS, you can probably edit the keychain directly.
I am trying to launch a cloudformation stack via the jenkins-cloudformation plugin from a template stored in git but I receive an error "Invalid Client Id" even though I give proper access_key and secret_key.
Besides, an appropriate IAM role is attached to the ec2 instance on which jenkins is running and the instance metadata is accessible to jenkins user.
And this error comes up irrespective of whether I pass secretKey, accessKey in jenkins configuration or not.
Can someone please guide me where it's going wrong.
Error
Building in workspace /apps/jenkins/.jenkins/workspace/Cloudformation_Test
> /usr/bin/git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> /usr/bin/git config remote.origin.url https://xxxx.git # timeout=10
Fetching upstream changes from https://xxxx.git
> /usr/bin/git --version # timeout=10
using GIT_ASKPASS to set credentials Gitlab user webadmdeamon to perform CICD with Jenkins
> /usr/bin/git fetch --tags --progress https://xxx.get +refs/heads/*:refs/remotes/origin/*
> /usr/bin/git rev-parse refs/remotes/origin/master^{commit} # timeout=10
> /usr/bin/git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision 827b91075eb0ae5901b641a7588b9b5769ad2ce7 (refs/remotes/origin/master)
> /usr/bin/git config core.sparsecheckout # timeout=10
> /usr/bin/git checkout -f 827b91075eb0ae5901b641a7588b9b5769ad2ce7
Commit message: "Add new file"
> /usr/bin/git rev-list --no-walk 827b91075eb0ae5901b641a7588b9b5769ad2ce7 # timeout=10
Determining to create or update Cloud Formation stack: JenkinsCloudformationTest
Stack not found: JenkinsCloudformationTest. Reason: Detailed Message: The security token included in the request is invalid. (Service: AmazonCloudFormation; Status Code: 403; Error Code: InvalidClientTokenId; Request ID: be71618c-3027-11e9-8d00-45421bf87ce0)
Status Code: 403
Error Code: InvalidClientTokenId
Creating Cloud Formation stack: JenkinsCloudformationTest
Failed to create stack: JenkinsCloudformationTest. Reason: Detailed Message: The security token included in the request is invalid. (Service: AmazonCloudFormation; Status Code: 403; Error Code: InvalidClientTokenId; Request ID: be73364d-3027-11e9-8d00-45421bf87ce0)
Status Code: 403
Error Code: InvalidClientTokenId
Finished: FAILURE
EDIT---
I am able to create a stack using aws cli in the same ec2 instance and with the same user.
The log shows that your issue is authentication-related:
Reason: Detailed Message: The security token included in the request is invalid.
(Service: AmazonCloudFormation; Status Code: 403; Error Code: InvalidClientTokenId; Request
ID: be71618c-3027-11e9-8d00-45421bf87ce0)
Status Code: 403
Error Code: InvalidClientTokenId
The problem could be either a bug in the Jenkins plugin or (more likely) a problem with the keys you are providing to the plugin.
The source code for the plugin (code ref), meanwhile, appears to indicate that the plugin always tries to use the access keys you provide. If you leave the key fields blank I guess it tries empty strings as the keys. Thus, the IAM role attached to the instance is probably not relevant.
Note that the error you receive InvalidClientTokenId is documented here:
InvalidClientTokenId
The X.509 certificate or AWS access key ID provided does not exist in our records.
HTTP Status Code: 403
Now, you mention in your update that:
I am able to create a stack using aws cli in the same ec2 instance and with the same user.
So firstly, try that again, and then have a look in CloudTrail. Filter by EventName=CreateStack, and then you'll see something like this:
Is it really the same user and Access Key?
I suspect you're going to find that it isn't, and the fix for you will be to provide correct Access Keys. If not, let me know and we can consider other possibilities.
I have a digital ocean droplet in that I have installed Centos 7.5, and on that, I have installed CWP, with that there is some problem. the problem is that I have created the emails in that CWP when I try to login the Roundcube using that email then it redirects me to the blank page. and when I debug the round cube then I got one error in the network that when I enter the email id and password and click on the login then I saw the 500 internal server error in the post request of Roundcube.
I have also tried by deleting the emails from CWP and also checked by creating new emails but the errors remain, and also I have deleted the droplet and created the new droplet and tried doing so but the error still exists.
I have installed CWP el7-latest.
Error Logs
[11-Feb-2019 07:13:36 UTC] PHP Fatal error: Uncaught Error: Class 'Net_IDNA2' not found in /usr/local/cwpsrv/var/services/roundcube/program/lib/Roundcube/bootstrap.php:405
Stack trace:
#0 /usr/local/cwpsrv/var/services/roundcube/program/lib/Roundcube/rcube_utils.php(891): idn_to_ascii('localhost')
#1 /usr/local/cwpsrv/var/services/roundcube/program/lib/Roundcube/rcube_utils.php(869): rcube_utils::idn_convert('localhost', true)
#2 /usr/local/cwpsrv/var/services/roundcube/program/include/rcmail.php(600): rcube_utils::idn_to_ascii('localhost')
#3 /usr/local/cwpsrv/var/services/roundcube/index.php(109): rcmail->login('support#buywpte...', '', 'localhost', true)
#4 {main}
thrown in /usr/local/cwpsrv/var/services/roundcube/program/lib/Roundcube/bootstrap.php on line 405
If anyone knows please help.
Anyone looking for the fix in 2021 here is what I used http://forum.centos-webpanel.com/index.php?topic=11376.0.
curl -s -L https://www.mysterydata.com/upload/tmp/cwp_rc_fix.sh | bash
Run this SSH Command to update roundcube on your CWP
sh /scripts/mail_roundcube_update
We are trying to use sonarqube webapi and as part of prototyping I was testing the authentication apis using cURL .
The session is not getting deactivated after calling logout , and when I call a service again with a logged out cookie, it is getting authorized successfully.
Following are the steps I followed
Login
curl -v -c cookies.txt POST -d "login=admin&password=admin" http://sonar:9919/api/authentication/login
Do a user token search (which needs authorization) with the cookie
curl -b cookies.txt http://sonar:9919/api/user_tokens/search
This is successfull and returns
{"login":"admin","userTokens":[{"name":"arunvg","createdAt":"2017-10-11T15:03:18+0400"}]}
Logout
curl -v -b cookies.txt POST http://sonar:9919/api/authentication/logout
Repeat Step 2, was expecting an error message like
{"errors":[{"msg":"Authentication is required"}]}
but the call got successful and with same result in Step 2
Am I missing something here ? Any hints ?