What is a best, simple way to authenticate Vision API on heroku?
In development I just use:
#vision = Google::Cloud::Vision.new( project: "instacult",
keyfile: "path/to/keyfile.json" )
Where keyfile is a json produced by google after creating service account (https://cloud.google.com/vision/docs/common/auth).
But obviously I can't just upload the keyfile to github.
I tried saving whole json to Heroku's config vars and running:
Rails.env.production? ? ENV["GOOGLE_CREDENTIALS"] : path
But I got "is not a valid file" in heroku's logs. Seems logical since I'm not passing a file but an object. But how to get over it?
Cheers,
Kai
SOLVED:
Turns out you can provide a json object in environment variable, but there is a naming convention.
Here are the environment variables (in the order they are checked) for
credentials:
VISION_KEYFILE - Path to JSON file
GOOGLE_CLOUD_KEYFILE - Path to JSON file
VISION_KEYFILE_JSON - JSON contents
GOOGLE_CLOUD_KEYFILE_JSON - JSON contents
source: https://googlecloudplatform.github.io/google-cloud-ruby/#/docs/google-cloud-vision/v0.23.0/guides/authentication
So I ended up with calling:
#vision = Google::Cloud::Vision.new( project: "instacult")
Having set VISION_KEYFILE_JSON in my ~/.bashrc:
export VISION_KEYFILE_JSON='the_json_content'
and on heroku (https://devcenter.heroku.com/articles/config-vars#limits).
Related
We have a Rails app running in Windows that uses Puma. So far we've stored our SSL/TLS certificates on the filesystem, which seems to be the standard in general, and the way Puma is designed to take in that data when starting up.
We would like to instead keep only an encrypted PKCS#12 file (.12) on disk, that holds all certificate data (one or more certificates and the private key), pulls out the specific certs during puma start up into variables, and then feeds that directly into the Puma ssl_bind command.
So I'm trying to figure out if Puma can accept variables that hold certificate data, as opposed to providing the expected cert_path and key_path that point at plaintext files.
I've tried a few different ways of replacing the file paths with variables, but I only get errors so far (see below for example). I've output the cert key along side the same from the file system, and they look identical to me. I've read other somewhat related SO threads that suggest maybe I need to add newlines or otherwise slightly manipulate the data in my variables, but that line of thinking has confused me so far and I'm not sure if it really pertains to my scenario. I think it comes down to ssl_bind expecting a file path, and likely running "file open" logic under the hood. Does it simply not support taking it directly?
Here is an example of what works today:
# tls.key and tls.crt are already sitting on filesystem
ssl_bind '0.0.0.0', '443', {
key: 'certs/tls.key',
cert: 'certs/tls.crt',
no_tlsv1: true,
no_tlsv1_1: true,
verify_mode: 'none'
}
Here is an example of what we want to do
require 'openssl'
# get p12 password out of secrets at runtime
p12_password = Rails.application.credentials.p12[:password].to_s
# open encrypted p12 file
p12 = OpenSSL::PKCS12.new(File.binread('certs/tls.p12'), p12_password)
# pull out certificate and key from p12
leafkey = p12.key.to_pem
leafcertificate = p12.certificate.to_pem
ssl_bind '0.0.0.0', '443', {
key: leafkey,
cert: leafcertificate,
no_tlsv1: true,
no_tlsv1_1: true,
verify_mode: 'none'
}
The error we receive from the above is:
C:/Ruby27-x64/lib/ruby/gems/2.7.0/gems/puma-4.3.8/lib/puma/minissl.rb:209:in `key=': No such key file '-----BEGIN EC PRIVATE KEY-----MDECAQEEIBccaYhSLodf 4TRzzWkOE5rr8t Ul0oQHcjYmmoiuvloAoGCCqGSM4jdu73-----END EC PRIVATE KEY-----' (ArgumentError)
This is the valid EC key data, but Puma/ssl_bind appears confused (not surprisingly) that it's not the expected path to a file on disk that contains this data. Can we trick Puma into accepting it directly this way?
Thank you for reading and taking the time to express any thoughts you may have!
This requirement was added as a enhancement in this PR
So far it looks like I was able to update Puma from 4.3.8 directly to 5.6.2 without any fuss. We did need to update 2 options to the *_pem versions, i.e.,
cert becomes cert_pem and
key becomes key_pem
With this in place, it JUST WORKED.
Example running with puma 5.6.2:
require 'openssl'
# using cleartext password for testing/simplicity
p12 = OpenSSL::PKCS12.new(File.binread('certs/tls.p12'), "1234")
leafcertificate = p12.certificate.to_pem
leafkey = p12.key.to_pem
ssl_bind '0.0.0.0', '443', {
cert_pem: leafcertificate,
key_pem: leafkey,
no_tlsv1: true,
no_tlsv1_1: true
}
Personal lessons learned: I should have prioritized digging into the Puma repo: pull requests, issues, etc.
What is the format for the PostgreSQL connection string (URL postgres://...) when the host is not the localhost?
If you use Libpq binding for respective language, according to its documentation URI is formed as follows:
postgresql://[user[:password]#][netloc][:port][/dbname][?param1=value1&...]
Here are examples from same document
postgresql://
postgresql://localhost
postgresql://localhost:5432
postgresql://localhost/mydb
postgresql://user#localhost
postgresql://user:secret#localhost
postgresql://other#localhost/otherdb?connect_timeout=10&application_name=myapp
postgresql://localhost/mydb?user=other&password=secret
The following worked for me
const conString = "postgres://YourUserName:YourPassword#YourHostname:5432/YourDatabaseName";
DATABASE_URL=postgres://{user}:{password}#{hostname}:{port}/{database-name}
Here is the documentation for JDBC, the general URL is "jdbc:postgresql://host:port/database"
Chapter 3 here documents the ADO.NET connection string,
the general connection string is Server=host;Port=5432;User Id=username;Password=secret;Database=databasename;
PHP documentation us here, the general connection string is
host=hostname port=5432 dbname=databasename user=username password=secret
If you're using something else, you'll have to tell us.
the connection url for postgres
syntax:
"Server=host ipaddress;Port=5432;Database=dbname;User Id=userid;Password=password;
example:
"Server=192.168.1.163;Port=5432;Database=postgres;User Id=postgres;Password=root;
server.address=10.20.20.10
server.port=8080
database.user=username
database.password=password
spring.datasource.url=jdbc:postgresql://${server.address}/${server.port}?user=${database.user}&password=${database.password}
The connection string can also be retrieved programmatically from working DB connectors.
For instance I sometimes extract connection strings from SQLAlchemy's engine, like this:
> db_engine.url
postgres://{user}:{password}#{host}:{port}/{db_name}?sslmode=require
Some people seem to misread the database name as a server name and the host as a postgresql server? A host hosts a postgresql server that has a database. Or am I missing something.
postgresql://my_host/&server=my_postgresql_server?user=my_user&port=my_port&password=my_password&database=my_database
Example:
my_host: can be "localhost" (but that is not in the question) or an ip address of a host.
postgresql://my_host/&server=postgres?user=postgres&port=5432&password=postgres&database=test_db
Worked for me in Python with sqlalchemy and a postgresql localhost running. Needs sqlalchemy, postgresql, and psycopg2 to get it to work.
PS: The question is about a postgres://... URL, but this would not work here. Instead, you need postgresql, and what is run in the end in Python is dialect+driver (see Database URLs) = postgresql+psycopg2, without having to write it like this.
The general format of database url
DATABASE_URL=postgresql://username:password#host:port/dtabase_name
If you are using postgresql sql with asyncpg the database url would be
DATABASE_URL=postgresql+asyncpg://username:password#host:port/dtabase_name
Remember to never push your database password so you should use your DATABASE_URL in .env file
The port is optional if you use the default one
Like this you can connect both local and remote database think of that once you want to check an issue that occur in the remote deployed versions
ex of localhost DATABASE_URL would be
DATABASE_URL=postgresql+asyncpg://postgres:dina#localhost/mysens
If you deployed your database on Heroku and you want to connect it with your local app, go to Heroku Postgres installed add-on go to settings and click on view credential in Database Credentials and use the uri to connect to your database
DATABASE_URL=postgresql+asyncpg://sqnalxxxxxxxxx:160xxxx2bdd2942b26c93c392xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx#ec2-35-173-91-114.compute-1.amazonaws.com:5432/del6o4cjoqfsov
I'm trying to get some data from JSON via Angular, but getting this error
XMLHttpRequest cannot load http://localhost:3000/movies.json. No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://blabla.herokuapp.com' is therefore not
allowed access.
But I have this config and there is right host:
var app = angular.module('Test', ['restangular'])
.config(function (RestangularProvider) {
RestangularProvider.setBaseUrl("http://blabla.herokuapp.com");
RestangularProvider.setRequestSuffix('.json');
RestangularProvider.setDefaultHttpFields({xsrfCookieName:'csrftoken', xsrfHeaderName:'X-CSRFToken'});
});
On the local machine this works fine(if I replace setBaseUrl of course)
Problem was in assets(js files).
Need to do rake assets:precompile before deploy on heroku or include rake/assets/* in gitignore.
I am trying to integrate swagger with camel project
following this example https://github.com/smparekh/camel-example-servlet-rest-tomcat
How do i access swagger-ui using this example project ?
I delopyed the war file in tomcat.
and access http://localhost:8080/camel-example-servlet-rest-tomcat/api-docs i get this ...
{"apiVersion":"1.2.3","swaggerVersion":"1.2","apis":[{"path":"/user","description":"User rest service"}],"info":{"title":"User Services","description":"Camel Rest Example with Swagger that provides an User REST service"}}
BUT MY QUESTION IS - how do i access swagger-ui/index.html?
what is the exact URL to access swagger-UI?
You must copy the contents of the dist folder of swagger-ui into your project's webapp folder.
In index.html,
window.swaggerUi = new SwaggerUi({
url: "http://petstore.swagger.wordnik.com/api/api-docs",
dom_id: "swagger-ui-container",
you must replace url with this
http://localhost:8080/camel-example-servlet-rest-tomcat/api-docs
For details, Follow this link to integrate swagger-ui.
https://github.com/swagger-api/swagger-ui
You should use http://localhost:${port}/${contextPath}/swagger/index.html
http://localhost:8080/camel-example-servlet-rest-tomcat/{basepath}/dist/index.html if you have copied dist folder as is. If you have renamed dist folder, use the new name instead of dist. replace basepath with basepath you have configured in web.xml. The code snippet for that looks like this:
<init-param>
<param-name>swagger.api.basepath</param-name>
<param-value>/rest</param-value>
</init-param>
To access swagger2 it is
http://localhost:${port}/${contextPath}/swagger-ui.html
These are your Swagger Docs:
{"apiVersion":"1.2.3","swaggerVersion":"1.2","apis":[{"path"...
Now you need Swagger-UI to consume them. You can install it anywhere. There is no hard requirement that you put Swagger-UI in your project. You just need to edit the index.html file to point to your docs path (the JSON output above.)
I am trying to get access token using from facebook graph API in my rails 2.3 based web application. The request I am sending for that is :
https://graph.facebook.com/oauth/access_token?client_id=<client_id>
&redirect_uri=http://localhost:3001/facebook_callback
&client_secret=<client_secret>
&code=AQBgog2NvoUYQCXsa2bGpj--s9RD71F3zTKX344cUZ-
AWX4CNhdx3Yerl_wmzQkQ4zIUFVS_CRoN0zXaEW63dHcC9sH6_
vl7ljSxwA6TLSrkWVcfdfdrmwBTlMNIzyJr0h6irGW1LCdTw8
Racgd8MQ9RgVn1gFL26epWA
And it is redirecting me to
http://localhost/facebook_callback?code=AQBgog2NvoUYQCXsa2bGpj--
s9RD71F3zTKX344cUZ AWX4CNhdx3Yerl_wmzQkQ4zIUFVS_CRoN0mAB_Sr1H4K
dXIlzXaEW63dHcC9sH6_vl7ljSxwA6TLSrkWVcfdfdrmwBTlMNIzyJr0h6irG
SxsrRAXtdviNsBTMW1LCdTw8Racgd8MQ9RgVn1gFL26epWA
I am getting error in both development and production environment . I am not able to get the access token. Has anyone else face the problem ??
This looks correct - Facebook redirects to your redirect url with the code= parameter. You then need to exchange the code for an access token. See here: http://developers.facebook.com/docs/authentication/
edit: my bad, I misread the first section. You can sometimes have problems using localhost as a redirect. Are you using a live domain without port in your non-test environment?
Well, I found solution of my problem :
The problem was with the path which I was using for request of access_token . I placed a slash in front of the path and bingo. It worked like a charm.
So instead of
oauth/access_token?client_id=#{ #client_id }&redirect_uri=#{ #redirect_uri }&client_secret=#{ #client_secret }&code=#{ code }"
we just need to use
/oauth/access_token?client_id=#{ #client_id }&redirect_uri=#{ #redirect_uri }&client_secret=#{ #client_secret }&code=#{ code }".
Thanks to all people for your efforts.