I have two policies in a main package which call the same instance (the locally running OPA server) like this:
package main
get[response] {
response := http.send({
"method" : "GET",
"url": "http://localhost:8181/v1/data/example"
})
}
put[response] {
response := http.send({
"method" : "PUT",
"url": "http://localhost:8181/v1/data/example",
"body": { "example": true }
})
}
I run my OPA server like this:
opa run -w -s main.rego --log-level debug --log-format text
When I curl the get policy I get a 200 response:
$ curl -X POST localhost:8181/v0/data/main/get
[{"body":{},"raw_body":"{}","status":"200 OK","status_code":200}]
However, when I curl the put policy it times out after 5 seconds:
$ curl -X POST localhost:8181/v0/data/main/put
{
"code": "internal_error",
"message": "error(s) occurred while evaluating query",
"errors": [
{
"code": "eval_builtin_error",
"message": "http.send: Put http://localhost:8181/v1/data/example: net/http: request canceled (Client.Timeout exceeded while awaiting headers)",
"location": {
"file": "main.rego",
"row": 11,
"col": 14
}
}
]
}
Does anyone know why this might be happening for PUT and not GET requests against the OPA instance?
Meanwhile a comparable curl works fine:
curl -X PUT -d "{}" http://localhost:8181/v1/data/example
I'm aware this is a strange/bad 'use case' but I'm asking out of curiosity in an attempt to better understand what's going on in the rego http functionality.
OPA currently supports multiple concurrent read transactions (e.g., policy queries) and one concurrent write transaction (e.g., updating data). However, when the write transaction commits, OPA waits until readers have finished.
Since you are executing a write operation from inside a policy query, the commit for the write operation blocks. This is why you see the timeout w/ the put rule. You do not see a timeout with the get rule because there are no write transactions (so nothing blocks.)
This is an implementation detail of OPA. In theory OPA could support multiple concurrent readers and writers and in that case you could modify data from inside a policy query. It's just not a high-priority feature.
That said, we do not recommend doing this.
Related
I'm trying to create Organizational branding via Graph API
Unfortunately it doesn't work as documented
curl --fail-with-body --silent --show-error --oauth2-bearer TOKEN -X PUT -H 'Content-Type: application/json' -d #- https://graph.microsoft.com/v1.0/organization/7c9674e7-ad41-482b-af13-fff7ba1c38f6/branding <<< '{
"backgroundColor":"#FFFF33",
"signInPageText":"Welcome",
"usernameHintText":"hint"
}'
{
'error': {
'code': 'Request_BadRequest',
'message': 'Specified HTTP method is not allowed for the request target.',
'innerError': {
'date': '2021-04-21T12:59:57',
'request-id': 'a5ce577c-d0a9-4888-9999-521d7ba452b1',
'client-request-id': 'a5ce577c-d0a9-4888-9999-521d7ba452b1'
}
}
neither PATCH works:
curl --fail-with-body --silent --show-error --oauth2-bearer TOKEN -X PATCH -H 'Content-Type: application/json' -d #- https://graph.microsoft.com/v1.0/organization/7c9674e7-ad41-482b-af13-fff7ba1c38f6/branding <<< '{
"backgroundColor":"#FFFF33",
"signInPageText":"Welcome",
"usernameHintText":"hint"
}'
{
"error": {
"code": "Request_ResourceNotFound",
"message": "Resource '7c9674e7-ad41-482b-af13-fff7ba1c38f6' does not exist or one of its queried reference-property objects are not present.",
"innerError": {
"date": "2021-04-21T13:07:43",
"request-id": "c2c7056b-0043-40cb-82b8-6d262f190005",
"client-request-id": "c2c7056b-0043-40cb-82b8-6d262f190005"
}
}
I tried opening an Azure support request but they told me
The AAD Developer queue is experiencing a very high number of requests.
Please expect a delay in the assignation as the cases are assigned considering case severity, time in queue, customer service level and business impact.
Since Azure support has proven to be useless yet again, maybe somebody here would be able to help me? :)
Based on my test, I have the same error when I use PUT method.
But PATCH works fine for me.
id should be the organization id or tenant id.
Please get the id first with
GET https://graph.microsoft.com/beta/organization/
Then use the id for PATCH method:
PATCH https://graph.microsoft.com/v1.0/organization/{id}/branding
Content-Type: application/json
Content-Language: en-US
{
"backgroundColor": "#FFFF33",
"signInPageText": "Welcome",
"usernameHintText": "hint"
}
Update:
Application token is not supported for this endpoint. See Permissions.
Microsoft support finally responded (after 2 months!) with
Application Permission are currently not supported on this
endpoint, meaning that you will need an on-behalf of user token with
Delegated permissions to use this endpoint.
Since your goal was to automate this process, one workaround that
sometimes is feasible is to have a dedicated user in your tenant to
perform those actions, and that will authenticate with ROPC flow. This
flow allows to directly send the credentials information (username and
password) and because of that does not require an UI or interaction.
There is currently a known issue regarding the GET and PATCH method for the branding endpoint that is already reported and the fix
is in progress. This issue will cause an 404 error mentioning that the
tenant resource is not found.
Issue seems to be with locale being used, If you wish to get/update
the default branding, can you please try to include an header with
Accept-language as 0 (shown in the below image), if you want to get
branding for any other locale, you’ll need to pass the valid ISO-639
locale.
I have been trying to use the API to retrieve my activities but I'm receiving the following JSON error.
{
"error": {
"code": 403,
"message": "The request is not properly authorized.",
"errors": [
{
"message": "The request is not properly authorized.",
"domain": "youtube.activity",
"reason": "forbidden"
}
]
}
}
, although I use https://www.googleapis.com/youtube/v3/activities?mine=true&key={my_api_key}&part=contentDetails and I use OAuth2 client to get an access token which I use on calling the API.
I tried to use the samples but I'm receiving the same error.
Is this a bug or I'm doing something wrong?
More details
I use the given link in postman with the GET method and I put a valid access token in the token field with TYPE=OAuth2 and Prefix=Bearer
According to the official specification of the Activities.list API endpoint, for to be able to use its mine request parameter, you have to issue the call to the endpoint while passing to it proper credentials:
mine (boolean)
This parameter can only be used in a properly authorized request. Set this parameter's value to true to retrieve a feed of the authenticated user's activities.
Therefore, using an API key is not sufficient (neither is required when issuing a properly authorized request).
Do note that the JSON error response obtained from the API agrees entirely with the specification quoted above.
According to the official (programming language agnostic) procedure, for to obtain a valid fresh access token from the API, issue a simple curl instance as follows:
$ curl \
--data 'grant_type=refresh_token' \
--data-urlencode "client_id=$CLIENT_ID" \
--data-urlencode "client_secret=$CLIENT_SECRET" \
--data-urlencode "refresh_token=$REFRESH_TOKEN" \
https://oauth2.googleapis.com/token
Above, $CLIENT_ID and $CLIENT_SECRET are the values of the corresponding properties of your client secrets JSON file you've got from Google's developers console. The $REFRESH_TOKEN is your (long-lived) refresh token you've obtained upon running a successful OAuth2 authentication/authorization flow.
The output obtained from curl when successful would look like:
{
"access_token": "...",
"expires_in": 3599,
"scope": "...",
"token_type": "Bearer"
}
A call to the Activities.list endpoint as yours above using curl is immediate:
$ curl \
--header "Authorization: Bearer $ACCESS_TOKEN" \
'https://www.googleapis.com/youtube/v3/activities?mine=true&part=contentDetails&maxResults=25'
The parameter $ACCESS_TOKEN above is your freshly obtained valid access token; the output of curl would look like:
{
"kind": "youtube#activityListResponse",
"etag": "...",
"items": [
{
"kind": "youtube#activity",
"etag": "...",
"id": "...",
"contentDetails": {
...
}
},
...
],
"pageInfo": {
"totalResults": ...,
"resultsPerPage": 25
}
}
For to run the above curl commands on a Windows machine under CMD.exe -- assuming that you've substitued the $-variables yourself manually --, do replace the backslash character at the end of each line above with the caret character, ^. The percent character % should be doubled, i.e. should be replaced with %%, and the single quote characters ' should be replaced with double-quote characters ".
We have an excessively complex stored procedure in SQL Server (which I did not write and cannot change).
I created an Azure logic app, using a "Recurrence" (not a "Sliding Window") trigger, with an "Execute stored procedure (V2)" action, and set the "frequency" to run daily at 22:00 (10pm).
But, I try running it manually just to test it (Run Trigger).
It runs for between 9 1/2 and 10 1/2 minutes, then fails with a "Bad Gateway" and "Error 504" and "Timeout Expired" error (see JSON at bottom):
How do I increase the timeout? Is there a simple setting buried in Azure that I'm missing?
I never specified any gateway, and another, much simpler stored procedure with no gateway specification executed fine.
And lastly, I am an Azure neophyte.
Thank you.
{
"error": {
"code": 504,
"source": "logic-apis-eastus2.azure-apim.net",
"clientRequestId": "{I removed the client request Id before posting this}",
"message": "BadGateway",
"innerError": {
"status": 504,
"message": "Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.\r\nclientRequestId: {I removed the client request Id before posting this}",
"error": {
"message": "Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding."
},
"source": "sql-eus2.azconn-eus2.p.azurewebsites.net"
}
}
This question is about receiving POST request from somewhere. I'm looking for a google sheet script function that can take and handle data from the POST request in JSON format. Could you suggest any example?
The POST request is here:
https://script.google.com/macros/s/BOdirjv45Dn6FHrx_4GUguuS6NJxnSEeviMHm3HerJl4UsDBnDgfFPO/
{
"p1": "writeTitle",
"p2": [[URL]],
"p3": [[PIC_A]],
"p4": [[PIC_B]],
"p5": [[TITLE]]
}
application/json
doPost() doesn't work:
doPost(e) {
var json = JSON.parse(e.postData.contents);
Logger.log(json);
}
You want to retrieve the value from the request body as an object.
You have already deployed Web Apps.
If my understanding of your situation is correct, how about this modification?
Post and retrieved object:
As a sample, I used the following curl command to POST to Web Apps.
curl -L \
-H 'Content-Type:application/json' \
-d '{"p1": "writeTitle","p2": "[[URL]]","p3": "[[PIC_A]]","p4": "[[PIC_B]]","p5": "[[TITLE]]"}' \
"https://script.google.com/macros/s/#####/exec"
When above command is run, e of doPost(e) is as follows.
{
"parameter": {},
"contextPath": "",
"contentLength": 90,
"queryString": "",
"parameters": {},
"postData": {
"type": "application/json",
"length": 90,
"contents": "{\"p1\": \"writeTitle\",\"p2\": \"[[URL]]\",\"p3\": \"[[PIC_A]]\",\"p4\": \"[[PIC_B]]\",\"p5\": \"[[TITLE]]\"}",
"name": "postData"
}
}
The posted payload can be retrieved by e.postData. From above response, it is found that the value you want can be retrieved by e.postData.contents. By the way, when the query parameter and the payload are given like as follows,
curl -L \
-H 'Content-Type:application/json' \
-d '{"p1": "writeTitle","p2": "[[URL]]","p3": "[[PIC_A]]","p4": "[[PIC_B]]","p5": "[[TITLE]]"}' \
"https://script.google.com/macros/s/#####/exec?key=value"
value can be retrieved by e.parameter or e.parameters. And the payload can be retrieved by e.postData.contents.
Modified script:
In this modified script, the result can be seen at the Stackdriver, and also the result is returned.
function doPost(e) {
var json = JSON.parse(e.postData.contents);
console.log(json);
return ContentService.createTextOutput(JSON.stringify(json));
}
Note:
When you modified your script of Web Apps, please redeploy it as new version. By this, the latest script is reflected to Web Apps. This is an important point.
Reference:
Web Apps
Stackdriver Logging
If this was not what you want, I'm sorry.
When I curl the rest api, I get back an empty response but I know that there are pull-requests open.
What is the setting in bitbucket stash that allows anyone to view/read pull-requests without being authenticated?
curl -X GET https://bitbucket/rest/api/1.0/projects/{project}/repos/{repo}/pull-requests
response:
{
"size": 0,
"limit": 25,
"isLastPage": true,
"values": [],
"start": 0
}
Try
curl -X GET https://bitbucket/rest/api/1.0/projects/{project}/repos/{repo}/pull-requests?state=ALL
You can find more options for this specific API call at https://developer.atlassian.com/static/rest/bitbucket-server/latest/bitbucket-rest.html#idm140236731714560
This worked for me:
curl -D- -u user:password -X GET -H "Content-Type: application/json" -X GET https://bitbucket.com/rest/api/1.0/projects/ONEP/repos/oneplanner/pull-requests?state=OPEN
To check status to particular PR:
curl -X GET https://bitbucket/rest/api/1.0/projects/{project}/repos/{repo}/pull-requests/{pr-id}
DOC https://docs.atlassian.com/bitbucket-server/rest/5.16.0/bitbucket-rest.html#idm8287391664
Paged APIs
Bitbucket uses paging to conserve server resources and limit response size for resources that return potentially large collections of items. A request to a paged API will result in a values array wrapped in a JSON object with some paging metadata, like this:
{
"size": 3,
"limit": 3,
"isLastPage": false,
"values": [
{ /* result 0 */ },
{ /* result 1 */ },
{ /* result 2 */ }
],
"start": 0,
"filter": null,
"nextPageStart": 3
}
Clients can use the limit and start query parameters to retrieve the desired number of results.
The limit parameter indicates how many results to return per page. Most APIs default to returning 25 if the limit is left unspecified. This number can be increased, but note that a resource-specific hard limit will apply. These hard limits can be configured by server administrators, so it's always best practice to check the limit attribute on the response to see what limit has been applied. The request to get a larger page should look like this:
http://host:port/context/rest/api-name/api-version/path/to/resource?limit={desired size of page}
For example:
https://stash.atlassian.com/rest/api/1.0/projects/JIRA/repos/jira/commits?limit=1000
The start parameter indicates which item should be used as the first item in the page of results. All paged responses contain an isLastPage attribute indicating whether another page of items exists.
Important: If more than one page exists (i.e. the response contains "isLastPage": false), the response object will also contain a nextPageStart attribute which must be used by the client as the start parameter on the next request. Identifiers of adjacent objects in a page may not be contiguous, so the start of the next page is not necessarily the start of the last page plus the last page's size. A client should always use nextPageStart to avoid unexpected results from a paged API. The request to get a subsequent page should look like this:
http://host:port/context/rest/api-name/api-version/path/to/resource?start={nextPageStart from previous response}
For example:
https://stash.atlassian.com/rest/api/1.0/projects/JIRA/repos/jira/commits?start=25