How to add a policy statement to a ecr repository although i know i can add a policy statement but in my case there are multiple statements so i am trying to attach a policy document for which i am getting compilation
Here i am creating a policy document
let policy = new iam.PolicyDocument({
statements: [
new iam.PolicyStatement({
sid: 'CrossAccountPermission',
principals: principalArr,
actions: [
'ecr:BatchCheckLayerAvailability',
'ecr:BatchGetImage',
'ecr:DescribeImages',
'ecr:DescribeRepositories',
'ecr:GetDownloadUrlForLayer',
'ecr:ListImages'
],
}),
//This is the second policy statement
new iam.PolicyStatement({
sid:'LambdaECRImageCrossAccountRetrievalPolicy',
effect: iam.Effect.ALLOW,
principals: lambdaPrincipal,
actions: [
'ecr:BatchGetImage',
'ecr:GetDownloadUrlForLayer'
]
})
]
});
**Here i am creating a repository for using the above policy statement**
const ecrRepo = ecr.Repository.fromRepositoryName(scope, 'repository');
Now there is no method in ecrRepo to add policy document, although there is a method to add policy statement.
Can someone please help me on how do i add multiple statement or policy document to a repo ??
This is how, you can try.
var ecrRepo = Repository.FromRepositoryName(scope, "id", "repositoryName");
foreach (var statement in policyStatements)
{
ecrRepo.AddToResourcePolicy(statement);
}
This is C# code, and I have not tried. But, it should work.
Related
I saw in the swagger ui documentation that you can provide a urls parameter which is:
An array of API definition objects ({url: "", name: ""}) used by Topbar plugin. When used and Topbar plugin is enabled, the url parameter will not be parsed. Names and URLs must be unique among all items in this array, since they're used as identifiers.
I was hoping that this will give me a selector from which I can chose which of my yaml files to process. Unfortunately, it doesn't seem to do anything.
Here is my code:
window.onload = function() {
// Build a system
const ui = SwaggerUIBundle({
urls: [
{url:"http://test.dev/documentation/microservices/microservices.yaml",name:"All Microservices"},
{url:"http://test.dev/documentation/microservices/plans.yaml",name:"Plans"},
],
dom_id: '#swagger-ui',
presets: [
SwaggerUIBundle.presets.apis,
SwaggerUIStandalonePreset
],
plugins: [
SwaggerUIBundle.plugins.DownloadUrl
],
layout: "StandaloneLayout"
})
window.ui = ui
}
I'd also like to set the primaryName to All Microservices.
Any ideas on where I'm going wrong?
The urls configuration option is supported in Swagger UI 3.0.18 and later.
You can use it instead of url like this:
window.onload = function() {
// Build a system
const ui = SwaggerUIBundle({
urls: [
{url: "https://path/to/api1.yaml", name: "API One"},
{url: "https://path/to/api2.yaml", name: "API Two"},
],
"urls.primaryName": "API Two" // default document (if other than the first)
...
})
Result:
Using service account, I`m trying to create a folder in root folder available to the account and upload images to created folder.
async def create_folder(api, parent, name):
return await api.as_service_account(
drive.files.create(
json = {
'mimeType': 'application/vnd.google-apps.folder',
'name': name,
'parents': [parent]
},
)
)
async def upload_file(api, path, parent, name):
return await api.as_service_account(
drive.files.create(
upload_file = path,
json = {
'name': name,
'parents': [parent]
},
fields = "id, name, webViewLink, webContentLink",
)
)
async def update_doc(api, id, requests):
return await api.as_service_account(
docs.documents.batchUpdate(
documentId = id,
json = {
"requests": requests
}
)
)
def insert_image(uri, index):
return {
"insertInlineImage": {
"uri": uri,
"location": {
"index": index
},
"objectSize": {
"height": {
"magnitude": 125,
"unit": "PT"
},
}
}
}
async def main(parent_id, path, file, doc_id):
async with client.api: # my "wrapper" around Aiogoogle
folder = await create_folder(
client.api,
parent_id,
"A folder in root folder"
)
image = await upload_file(
client.api,
f"{path}/{file}",
folder["id"],
"A file in created folder",
)
await update_doc(
client.api,
doc_id,
[insert_image(image["webContentLink"], 0)]
)
And while both the file and the folder were in fact created (it even says the account is the owner of them), I`m getting this error:
{'code': 400,
'message': 'Invalid requests[0].insertInlineImage: Access to the provided '
'image was forbidden.',
'status': 'INVALID_ARGUMENT'}
I tried giving these arguments to both of drive.files.create() calls:
includePermissionsForView = "published",
ignoreDefaultVisibility = True
, but no luck there
I think that when the image is put using webContentLink to Google Document using Docs API, the image is required to be publicly shared. So in your situation, how about the following patterns?
Pattern 1:
In this pattern, webContentLink is used. Please publicly share the uploaded file using the method of "Permissions: create" in Drive API. Ref
By this, you can put the uploaded image using webContentLink. But in the current stage, there is the case that this link cannot be used. Ref I think that this might be a bug or the current specification.
So, as a workaround, I would like to propose another pattern.
Pattern 2:
In this pattern, thumbnailLink is used instead of webContentLink by modifying the query parameter. In this case, it is not required to publicly share the uploaded file.
Please add thumbnailLink to the fields like fields = "id, name, webViewLink, webContentLink, thumbnailLink", for drive.files.create. By this, thumbnailLink is included in the returned value. The value of thumbnailLink is as follows.
https://lh3.googleusercontent.com/###=s220
Please modify =s220 to =s1000. By this, the image size of the width of the image becomes large. Also, you can change this freely. And please use this modified URL to insertInlineImage.
Reference:
Permissions: create
As part of creating a Team in Microsoft teams using the Graph API, I'm trying to create a folder in Microsoft Graph with a custom column - just a simple yes/no.
This is what I have so far:
var newFolder = new DriveItem();
newFolder.Name = folderName;
newFolder.Folder = new Folder();
newFolder.AdditionalData = new Dictionary<string, object>();
newFolder.AdditionalData.Add("#microsoft.graph.conflictBehavior", "rename");
var newSubFolder = _graphClient.Groups[team.RemoteId].Drive.Items[parentFolder.RemoteId].Children
.Request().AddAsync(newFolder).Result;
However I need to add a custom column to this folder at creation time (or just after, if it needs to be in an update call). I was hoping I could do this easily through the Graph API but I can't seem to find any way to do this. Does anyone know how? (I have no idea how to access the underlying SharePoint API, by the way, so even if I knew how to do it with SharePoint that wouldn't help me much at the moment.)
Try the following steps:
(1) Create the folder:
POST /drives/{drive-id}/items/root/children
{ "name": "{test}", "folder": { }, "#microsoft.graph.conflictBehavior": "fail" }
(2) Get the created folder's item id and update the folder's content type, metadata:
PATCH /sites/{site-id}/lists/{library-name}/items/{item-id} { "contentType": { "id": "{content-type-id}" }, "fields": { "fieldname1": "{value}", "fieldname": "{value}" } }
While performing Read operation on V4 ODatamodel I'm getting an error saying
oModel.read is not a function
Code
Error
Please let me know how to correct if I did something wrong.
This error is expected.
read method does not exist in oData Model V4.
See below:
read is not a function in V4
However, you can do the same thing with oData V2(recommended approach for working with oData as V4 has still some features missing)
Restrictions with oData V4
oData V2 vs oData V4
Nevertheless, if you need to bind the response items later with a table, you can
do it as:
var oModel = new sap.ui.model.odata.v4.ODataModel({
groupId: "$auto",
serviceUrl: "url",
synchronizationMode: "None",
operationMode: "Server"
}),
oSettings = new sap.ui.model.json.JSONModel({
bOnlyLarge: false,
bFilterGermany: false
});
var oTable = new sap.ui.table.Table({
columns: [{
label: "ProductName",
template: new sap.m.Text({
text: "{Country}"
}),
sortProperty: "ProductName"
}]
});
oTable.setModel(oModel);
oTable.bindRows({
path: "/Products"
});
var oModel = new sap.ui.model.odata.v4.ODataModel({
/* send requests directly. Use $auto for batch request wich will be send automatically on before rendering */
groupId : "$direct",
/* I'll just quote the API documentary:
Controls synchronization between different bindings which refer to the same data for the case data changes in one binding.
Must be set to 'None' which means bindings are not synchronized at all; all other values are not supported and lead to an error.
*/
synchronizationMode : "None",
/*
Root URL of the service to request data from.
*/
serviceUrl : "http://services.odata.org/TripPinRESTierService/",
/*
optional. Group ID that is used for update requests. If no update group ID is specified, mParameters.groupId is used.:
updateGroupId : "$direct"
*/
});
I am trying to consume Gateway OData Services in sapui5 app.
Metadata - /sap/opu/odata/SAP/ZUSER_MANAGE_SRV/$metadata as follows:
UserdataSet - /sap/opu/odata/SAP/ZUSER_MANAGE_SRV/UserdataSet as follows:
MY CODE
var oModel = new sap.ui.model.odata.ODataModel("http://Host:Port/sap/opu/odata/SAP/ZUSER_MANAGE_SRV", false,"USER","Password");
var app = new sap.m.App("myApp",{});
var oTable = new sap.m.Table("list1", {
growing: true,
growingThreshold: 200,
//mode: sap.m.ListMode.SingleSelect,
columns: [
new sap.m.Column({
header: new sap.m.Label({text: "ID"})
}),
new sap.m.Column({
header: new sap.m.Label({text: "First Name"})
}),
new sap.m.Column({
header: new sap.m.Label({text: "Last Name"})
})
],
items: {
path: "/UserdataSet",
template: new sap.m.ColumnListItem({
cells: [
new sap.m.Input({value: "{EUname}"}),
new sap.m.Input({value: "{EFirstname}"}),
new sap.m.Input({value: "{ELastname}"})
]
})
}
});
oTable.setModel(oModel);
var page1 = new sap.m.Page("page1",{
title: "App",
content: [oTable]
});
app.addPage(page1);
return app;
Getting error as - uncaught exception: [object Object].
Detailed Error:
Please help, whats wrong with my code?
Your OData service needs to be on the same server or needs to appear to be coming from the same server as your UI5 application. If it's not on the same server you should get Gateway to produce CORS headers.
Please find more info on CORS and how to get Gateway to produce these headers here: http://scn.sap.com/community/gateway/blog/2014/09/23/solve-cors-with-gateway-and-chrome
The Error is not very clear maybe chrome will show an more detailed error in this case.
If your application server and odata service are not from the same origin, the SOP (same origin policy) restricts this action.
Two pages have the same origin if the protocol, port and host are the same for both pages.
see https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy for more details.
you can start chrome with --disable-web-security flag:
In CMD:
C:/<path to chrome app>/chrome.exe --disable-web-security
!!! ONLY FOR DEVELOPMENT REASONS !!!