I have created a Jenkins secret and would like to access its value from within Java code or by making a REST api call. How to do that?
Related
I am trying to automate the docker implementation of ZAP proxy to target some of my token based web applications, which use Amazon Cognito for authentication and authorization.
Since, the target app need token as Authorization header, on ZAP Desktop application it can be done through "Authentication" and "HttpSender" scripts for fetching token from Cognito and placing it in each HTTP request of the URLs being scanned respectively.
However, for ZAP Docker, I can send a context file to it using "-n" flag, the file will also contain a reference to the "Authentication" script that I would create to fetch the token from Cognito. But I do not find a way to bind "HttpSender" script with context file or any flag that takes this file from the provided list of options given in the link above.
So, the questions are:
Can I use additional libraries such as AWS SDK to refer within Authentication script? How can I pass them to the ZAP Docker container so that the script can reference it at runtime?
Is there a way to send HttpSender script, or any other way, to put the token in each scan request?
Thanks!
I have set up a release pipeline to automatically deploy an API artefact to a particular domain, and as part of that pipeline I have introduced the execution of a postman collection via the Newman CLI, the ultimate goal that I want to achieve with this is a post-deployment "integration test".
My API is secured using Identity Server 4 and there is a client created that uses the grant type "authorisation_code"
I am able to manually create an access token through the "Get New Access Token" feature of Postman, but there doesn't seem to be a way to get a new token when running through the collection runner. Nor can I find a way to do this via the NewMan CLI thus these test responses come back as "401".
Does anybody know of a way to retrieve an authorisation code / access token within postman pre-request scripts or a way to ensure that an access token is requested when running through the collection runner or via Newman CLI?
BTW I don't mind supplying test creds through an environment file.
I have implemented AWS API Gateway, which has many API methods. Currently, I have created a swagger definition file (JSON format) and imported this file AWS API Gateway though the "import" option available. I am also developing REST API services in springboot that gets called from the AWS API Gateway. The REST API Service has 20 API methods and I want to have these 20 API Methods in API Gateway. I do not want to manually maintain a Swagger definition file, containing the definition for these 20 API methods. I would like to know if I can generate Swagger definition file from SpringBoot API.
I know that Swagger can create HTML documentation from the REST API but I did not find any tool that could convert this HTML to a Swagger definition file. I also know that Swagger inspector can generate the definition file, but I have to manually call each service endpoints manually to create the definition file.
I am trying out AWS API Gateway, and it's very easy to import/export API definition from Swagger.
However, I've set my API to require AWS_IAM authorization so it's not public. But I cannot find how to make it work with Swagger UI. It seems Swagger UI only takes API Key, instead of IAM user's Access Key and Secret for Sigv4 signing.
Does anyone know is there a way to configure Swagger UI to take in Access Key/Secret, and sign the request for AWS_IAM auth?
Any direction would be appreciated.
Thanks,
Swagger UI OOTB does not support AWS_IAM auth, however, there you can still accomplish Sigv4 Signing. How to calculate AWS signature V4 in Swagger before request gives two good examples on how to accomplish this.
I used the second example, in conjunction with the author's blog post to test with multiple user Access Key/Secrets. The blog post also goes into more detail on using the AWS JS SDK for this purpose.
My goal is to ask questions of the Jenkins server within a Jenkins-run script (specifically when it's run on a remote agent). I'd like to use a Perl or Python script with the REST API. I'd like to ask data known by the Jenkins server.
In my specific case, I'd like a build-display-name of a most-recent successful build of a different project. I'd like to do this without username/password credentials. I'd expect to be able to use the environment variable JENKINS_SERVER_COOKIE as a credential as a cookie or header as I use the Jenkins REST API for GET-based requests.
Is that possible? If not, what is the environment variable JENKINS_SERVER_COOKIE used for?
Thanks!
JENKINS_SERVER_COOKIE is not used for anything related to the REST API; best to ignore it.
What you request is not currently possible.