How to set resource from bitbucket in openAPI specification as $ref (URL Reference) - bitbucket

Can we set $ref: 'Some Bitbucket URL' in an OpenAPI specification?
If yes, how do we add the required username and password for Bitbucket?
I tried the following, but it is not working:
$ref: 'https://username:password#resourceURL#/definitions/nameOfTheComponent'
Is there any additional change we need to make to access a Bitbucket URL through a URL reference?
https://swagger.io/docs/specification/using-ref/ does not have information about adding a username and password to the URL.

You can reference files from public Bitbucket repositories by using raw links. Raw file links have the following format (assuming you use bitbucket.org):
https://bitbucket.org/<OWNER>/<REPO>/src/<BRANCH_NAME or HEAD or COMMIT_SHA>/<PATH_TO_FILE>
For example, you can reference the Pet schema from this file as:
$ref: 'https://bitbucket.org/atlassian/swagger-request-validator/raw/master/swagger-request-validator-core/src/test/resources/oai/v3/pet.yaml#/components/schemas/Pet'
You cannot reference files from private Bitbucket repos. That's because programmatic access to private Bitbucket repositories requires authentication, and $ref doesn't have a mechanism to provide the credentials for authentication.
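A lint check that follows from the answer above, as an added example (not code from the original posts): because $ref has no way to carry credentials, a username:password placed in the URL is only a secret leaked into the spec. The sketch walks a parsed spec, flags such refs, and also flags Bitbucket links that name a branch rather than a commit SHA (a pinning check added here); the sample spec, the example-owner repository and the finding names are constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: an OpenAPI fragment already parsed into a dict.
# The Pet ref is the one from the answer; Order and Tag are made up.
SAMPLE_SPEC = {"components": {"schemas": {
    "Pet": {"$ref": "https://bitbucket.org/atlassian/swagger-request-validator/raw/master/swagger-request-validator-core/src/test/resources/oai/v3/pet.yaml#/components/schemas/Pet"},
    "Order": {"$ref": "https://user:secret@bitbucket.org/example-owner/example-repo/raw/"
                      + "a" * 40 + "/order.yaml#/components/schemas/Order"},
    "Tag": {"$ref": "#/components/schemas/Local"},
}}}

# /<OWNER>/<REPO>/raw|src/<REVISION>/<PATH_TO_FILE>
BITBUCKET_FILE = re.compile(r"^/[^/]+/[^/]+/(?:raw|src)/([^/]+)/.+")
COMMIT_SHA = re.compile(r"^[0-9a-f]{40}$")


def iter_refs(node, path="#"):
    """Yield (json_path, ref_value) for every $ref in a parsed spec."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "$ref" and isinstance(value, str):
                yield path, value
            else:
                yield from iter_refs(value, f"{path}/{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from iter_refs(item, f"{path}/{i}")


def check_ref(ref):
    """Return the findings for one $ref value (empty list means clean)."""
    url = urlsplit(ref)
    if not url.scheme:  # local or relative reference: nothing remote to check
        return []
    findings = []
    if url.username or url.password:
        findings.append("credentials-in-url")
    if url.scheme != "https":
        findings.append("not-https")
    match = BITBUCKET_FILE.match(url.path) if url.hostname == "bitbucket.org" else None
    if match and not COMMIT_SHA.match(match.group(1)):
        findings.append("unpinned-revision")  # branch or HEAD can change under you
    return findings


def lint_spec(spec):
    """Map each $ref location to its findings, keeping only refs that have any."""
    return {p: f for p, r in iter_refs(spec) for f in [check_ref(r)] if f}
```

Running `lint_spec` in CI before the spec is published keeps credential-bearing URLs out of the repository history and out of generated documentation.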

Related

How can I manipulate the username attribute included in a Vault Identity Token?

I am trying to set up the following in Hashicorp Vault:
GitHub Actions authenticates to Vault using JWT auth method. Vault creates an Identity Token containing the repo name. Actions can then use this token to authenticate to a Snowflake database, where I've set up Vault as an External OAuth server. The repo name will be used as the username in snowflake.
Here's the role with my token template:
resource "vault_identity_oidc_role" "github_actions" {
  namespace = vault_namespace.namespace.path
  name      = "github_actions"
  client_id = "https://mine.eu-north-1.aws.snowflakecomputing.com"
  key       = vault_identity_oidc_key.key.name
  template  = <<EOF
{
  "scp": "session:role:${var.snowflake_role}",
  "username": {{identity.entity.aliases.${vault_jwt_auth_backend.github_actions.accessor}.name}}
}
EOF
}
Everything seems like it should work fine. I get a token, it's valid, and Snowflake accepts it. But it tells me the username is "wrong". Testing manually, I found that usernames containing special characters just aren't accepted by snowflake. And using the repository field from GitHub gives me a username like "repo-owner/repo-name" which contains slashes and dashes and whatnot.
I'm thinking that if I can just manipulate this value in the token (replace slashes with "SLASH" or something), I'll end up with a username that Snowflake will accept. Is this possible, and if so, how?
You can tackle this on the JWT auth method.
The GitHub OIDC documentation shows a sample token that includes the field repository_id, which is simply a number with no problematic characters, so my first thought would be to switch to leveraging that field when creating your aliases.
If that repository_id field is NOT globally unique, I would create a different JWT Auth Method per GitHub organization that you're supporting. That way, you don't need to have the organization referenced in the alias name to create a unique alias, and the GitHub organization is defined by the location of the auth method mount. (vault auth enable -path="github.com/org-name" jwt might be a reasonable path in this pattern.)
If that repository_id field IS globally unique, then you only need to switch to that field in the JWT role definition user_claim parameter and you're done.
Yes, this will make things less user-friendly and more arcane - in order to resolve the repository ID, you'll have to do a GitHub API call, which will make audit log review include additional steps - but I don't see any other point at which you have control over the strings in the auth flow.

SAML 2.0 properties in application.yml

I have been using some tutorials to understand what properties must be set in the application.yml. There does not seem to be any documentation on the complete set of properties that can be set. Here's an example
security:
  saml2:
    relyingparty:
      registration:
        samlexample:
          signing:
            credentials:
              - private-key-location: "classpath:credentials/private.key"
                certificate-location: "classpath:credentials/certificate.crt"
          decryption:
            credentials:
              - private-key-location: "classpath:credentials/private.key"
                certificate-location: "classpath:credentials/certificate.crt"
          identityprovider:
            singlesignon:
              sign-request: false
            # metadata-uri: https://dev-2148273.okta.com/app/exk2iacdpvAt1bS3D5d7/sso/saml/metadata
            metadata-location: "classpath:okta-metadata.xml"
Does anyone know of documentation related to which SAML properties I can set? For example, the last property is not correct. Instead of a URI, I wanted to create a file with the metadata and use that in the application.yml, but I don't know what the property name is.
It would be helpful to have a webpage with documentation on the SAML 2 properties that can be set in application.yml.
I think you can deduce the full number of parameters in the class RelyingPartyRegistration, which is what a registration is instantiated into:
https://docs.spring.io/spring-security/site/docs/5.5.3/api/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.html
As a matter of fact, there are ways in which, instead of adding properties, you add the registration as a class manually, in which case this restriction should be obvious. Check example 130 here: https://docs.spring.io/spring-security/site/docs/current/reference/html5/#servlet-saml2login-sansboot
> I wanted to create a file with the metadata and use that in the application.yml but I don't know what the property name is.
I was able to use the file:/// URI prefix for the same metadata-uri property value. For example, a metadata file on a different Windows computer:
metadata-uri: file:///\\server\share_name$\path\to\file\metadata.xml
You might be able to adapt that for a file on the same server and provide only the absolute path.
> I have been using some tutorials to understand what properties must be set in the application.yml. There does not seem to be any documentation on the complete set of properties that can be set
My sympathies, I have the same problem.

How to link to another endpoint in Swagger

I'm writing a Swagger specification for a future public API that requires very detailed and clean documentation. Is there a way to reference/link/point to another endpoint at some other location in the swagger.yml file?
For example, here is what I am trying to achieve:
paths:
  /my/endpoint:
    post:
      tags:
        - Some tag
      summary: Do things
      description: >
        This endpoint does things.
        See /my/otherEndpoint for stuff # Here I would like to have some kind of hyperlink
      operationId: doThings
      consumes:
        - application/json
      produces:
        - application/json
      parameters:
        ...
      responses:
        ...
  /my/otherEndpoint: # This is the endpoint to be referenced to
    get:
      ...
I have found that $ref does not help because it simply replaces itself with the contents of the reference.
Can Swagger do such a thing?
Swagger UI provides permalinks for tags and operations if it's configured with the deepLinking: true option. These permalinks are generated based on the tag names and operationId (or if there are no operationId - based on the endpoint names and HTTP verbs).
index.html#/tagName
index.html#/tagName/operationId
You can use these permalinks in your Markdown markup:
description: >
  This endpoint does things.
  See [/my/otherEndpoint](#/tagName/myOtherEndpointId) for stuff
Notes:
Markdown links (such as above) currently open in a new browser tab (as with target="_blank") - see issue #3473.
HTML-formatted links (<a href="...">foobar</a>) currently don't work.
Swagger Editor does not support such permalinks.

Is there any reason using only swagger/docs/v1 for generating swagger metadata in the form JSON

I am currently working on Azure API App services. I am a little confused about generating Swagger metadata using Swashbuckle. I read the documentation below, which says that to see your metadata you just add swagger/docs/v1 at the end of your API URL.
https://learn.microsoft.com/en-us/azure/app-service-api/app-service-api-dotnet-get-started
I did the same thing and I am able to see my metadata generated in the form of JSON, but when I add swagger/help/v1 or swagger/help/v2 at the end of my API URL, I do not get any metadata in the form of JSON.
Is there any reason for using only swagger/docs/v1 to generate Swagger metadata in the form of JSON, or are others, such as swagger/help/v1, also allowed?
Swashbuckle's default path is /swagger/docs/v1, and the Swashbuckle docs show how to change that path.
httpConfiguration
    .EnableSwagger("docs/help/{apiVersion}", c => c.SingleApiVersion("v1", "A title for your API"))
    .EnableSwaggerUi("sandbox/{*assetPath}");
In this case the URL to swagger json will be docs/help/v1 and the url to the swagger-ui will be sandbox/index.

How to get/generate the token for raw url for a image file in a private repo (Bitbucket)?

When I click on the raw URL of an image in my private repo, it redirects to bytebucket.org and appends a token so that it can be viewed publicly. These URLs look something like this:
https://bytebucket.org/$username/$repo/raw/$sha/$filename.jpg?token=$sometoken.
I figured that these tokens are unique for each file. Is there any way I can get/generate this type of token through bitbucket api?
