Develop Reference

Docker API push to private registry error

I can't manage to push an image to a private registry using the docker API. I have read everything I found everywhere and tried everything with no luck...
I tried :
curl -X POST -H "X-Registry-Auth:XXXXXXXXXXXXXXX" http://dockerapiurl:2375/images/registryurl/python/push?tag=6
OR
curl -X POST -H 'X-Registry-Auth:{"username": "xxxxxx","password": "xxxxx", "serveraddress": "xxxx.url.net", "auth": ""}' http://dockerapiurl:2375/images/registryurl/python/push?tag=6
I always get the same error :
{"errorDetail":{"message":"errors:\ndenied: requested access to the resource is denied\nunauthorized: authentication required\n"},"error":"errors:\ndenied: requested access to the resource is denied\nunauthorized: authentication required\n"}
If I use docker push in CLI mode everything works, what am I doing wrong?
Thanks!!

it needs to be encoded in base 64, try this
XRA=`echo "{ \"username\": \"xxxxxx\", \"password\": \"xxxxxx\", \"email\": \"youmail#example.org\", \"serveraddress\": \"xxxxxx\" }" | base64 --wrap=0`
curl -X POST -d "" -H "X-Registry-Auth: $XRA" http://dockerapiurl:2375/images/registryurl/python/push?tag=6
end result should look like this
curl -X POST -d "" -H "X-Registry-Auth: eyAidXNlcm5hbWUiOiAieHh4eHh4IiwgInBhc3N3b3JkIjogInh4eHh4eCIsICJlbWFpbCI6ICJ5b3VtYWlsQGV4YW1wbGUub3JnIiB9Cg==" http://dockerapiurl:2375/images/registryurl/python/push?tag=6

not able to create Kafka topic with Kafka Rest Proxy - HTTP 415 Unsupported Media Type javax.ws.rs.NotSupportedException

I am following this documentation. I am able to get cluster's information like this:
curl -sk -X GET "https://xx.xx.xx.xx:8443/v3/clusters/"
the previous request works fine. However, when I try to create a topic I get HTTP 415 Unsupported Media Type javax.ws.rs.NotSupportedException error
command:
curl -sk -X POST \
-H "Content-Type: application/json" \
-d "{\"topic_name\":\"test1\",\"partitions_count\":6,\"replication_factor\":3,\"configs\":[]}" \
"https://xx.xx.xx.xx:8443/v3/clusters/xxxxxxx/topics"
does anyone have an idea on how to solve this issue?

I had the same issue, this worked for me.
curl -X POST -H "Content-Type: application/vnd.kafka.json.v2+json"
--data '{"records":[{"value":{"foo":"bar"}}]}' "https://localhost:8443/topics/test"

The example from this blog post worked for me:
POST http://localhost:8443/v3/clusters/<CLUSTER_ID>/topics
Content-Type: application/vnd.api+json
{
"data": {
"attributes": {
"topic_name": "topic",
"partitions_count": 1,
"replication_factor": 2,
"configs": []
}
}
}
So changing the Content-Type to application/vnd.api+json and using a different request body

Google speech-to-text API key not valid

I just following the Google-speech-to-text API examples..
reading quickstart guide.
but it has some trouble...
just curl command in this.
I just tried to change the Credential keys ..
but still not working .
just using windows and powershell.
curl -s -H "Content-Type:application/json" -H "Authorization:Bearer "$(gcloud auth application-default print-access-token)
https://speech.googleapis.com/v1/speech:recognize -d #sync-request.json
{
"error": {
"code": 403,
"message": "The request is missing a valid API key.",
"status": "PERMISSION_DENIED"
}
}

KeyCloak bearer-only client shouldn't be able to invoke a secured endpoint when its credentials are wrong, but he can, why?

I have a Spring Boot application with this configuration:
server:
port: 9292
keycloak:
auth-server-url: http://localhost:8180/auth
realm: SampleRealm
resource: non-existing
public-client: false
principal-attribute: preferred_username
credentials:
secret: wrong-secret
bearer-only: true
I get an access token using another valid client (cli1, secret1):
curl -X POST \
-H "Authorization: Basic c2ItYXBwOmEyY2ViZmI2LTBjMzgtNDNiNS1hMDAwLThhYmUzYjU5YjJiMQ==" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d 'username=someuser&password=somepassword&grant_type=password' \
"http://localhost:8180/auth/realms/SampleRealm/protocol/openid-connect/token"
Now I use that bearer token to invoke my Spring Boot Service:
curl -X GET \
http://localhost:9292/me \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJPVE5xWF9jYWRXbEc1dGZYRmJVdEJ2V25hb2NTTGhuSm9LWndpOGxkYjZZIn0.eyJqdGkiOiI5ZTdlMjRmZC1lZDZmLTQzZTItYTFjZC1iMjlkMWRkN2I5ZWUiLCJleHAiOjE1MTk2NjQwODMsIm5iZiI6MCwiaWF0IjoxNTE5NjYzNzgzLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgxODAvYXV0aC9yZWFsbXMvU2FtcGxlUmVhbG0iLCJhdWQiOiJzYi1hcHAiLCJzdWIiOiIyNTFlZjNhNS1iNTRkLTQ4MmMtYTAzZS0wN2MzN2M0OGE5ZWIiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJzYi1hcHAiLCJhdXRoX3RpbWUiOjAsInNlc3Npb25fc3RhdGUiOiJlNjdjMDBiYy0zODUxLTQ4ZjYtYTIxZi1hNDVhOGI0NGQyOGMiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbInVtYV9hdXRob3JpemF0aW9uIiwidXNlciJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sIm5hbWUiOiJKb3NlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiamFpbmlnbyIsImdpdmVuX25hbWUiOiJKb3NlIiwiZW1haWwiOiJqYWluaWdvQHByb2ZpbGUuZXMifQ.bkMPSEvUHnVr5QoCsldKcFjKw3E_3Rhdu_SJ6LbgUehysAsLuG6pyjAQ4uqShTKphuXjOUf3E1eFMlttKSxZstCqP7iRU-OyHueGZ-_zGNx1ycvDBWSxCSmQufu9cx_dmnYW4NR9u5sSsZ052eDX0T0VgCvxeTtLJCsoH741SmJIVUvzrkPagKF_M_INVBQ3qaOds74o088qJy4GVJ8eZGqgsW9YOW6nNLV6kERwLAD9WZJoEARCdTBuGARTVJZuJ0lYVI0-jI0wN88T1G3vX3DZS0HIAROmgIait89PZ5wyfOu9u6ohTyFsi3uHV6uSJcN7x7t51snnBpr9KSSMMQ' \
-H 'Cache-Control: no-cache'
The Spring Boot App is correctly invoking the secured endpoint but it shouldn't be allowed to because the resource (non-existing) and secret (wrong-secret) don't actually exist, they haven't even been configured in KeyCloak!!! Why is this working? Shouldn't the client have its client-id client-secret validated?
o.k.a.BearerTokenRequestAuthenticator : Verifying access_token
o.k.a.BearerTokenRequestAuthenticator : access_token: xxxxxxxxxx.signature
o.k.a.rotation.JWKPublicKeyLocator : Going to send request to retrieve new set of realm public keys for client non-existing
o.k.a.rotation.JWKPublicKeyLocator : Realm public keys successfully retrieved for client non-existing. New kids: [OTNqX_cadWlG5tfXFbUtBvWnaocSLhnJoKZwi8ldb6Y]
o.k.a.BearerTokenRequestAuthenticator : successful authorized
Realm public keys successfully retrieved for client non-existing What??? non-existing client doesn't exist!!

Oauth2 Spring Security Authorization Code

I am trying to reproduce the oauth server provided here:
https://spring.io/blog/2015/02/03/sso-with-oauth2-angular-js-and-spring-security-part-v
The curl call for testing this basic server should be:
curl acme:acmesecret#localhost:9999/uaa/oauth/token \
-d grant_type=authorization_code -d client_id=acme \
-d redirect_uri=http://example.com -d code=jYWioI
Though I keep getting the following error:
Invalid authorization code: jYWioI
Where is this authorization code to be configured in the authorization server?

You need to generate a new authorization code!
You can do it using the grant type authorization_code or password
Using the authorization_code:
Open your browser and to visit the authorization endpoint
http://localhost:9999/uaa/oauth/authorize?response_type=code&client_id=acme&redirect_uri=http://example.com
After the login process (login: user password: password), you will be redirected to
http://example.com/?code=CODE <-- this is the code that you should use in the next request
now you get the token:
curl acme:acmesecret#localhost:9999/uaa/oauth/token -d grant_type=authorization_code -d client_id=acme -d redirect_uri=http://example.com -d code=CODE
response: {"access_token":"eyJhbGciOiJS....."}
Using the password grantType:
curl acme:acmesecret#localhost:9999/uaa/oauth/token -d grant_type=password -d username=user -d password=password
response: {"access_token":"eyJhbGciOiJS....."}
I recommend you to read more about oauth grantTypes, to know what's is better for your solution
https://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified