Elastic fleet server, authenticate with service account token 401 - elasticsearch

I am following the guides here to create a token for the elastic/fleet-server service account.
I successfully created the token with the command:
bin/elasticsearch-service-tokens create elastic/fleet-server fleet-token
and try to execute the request http://localhost:9200/_security/_authenticate with the bearer authorization. I receive the following error:
{
  "error": {
    "root_cause": [
      {
        "type": "security_exception",
        "reason": "failed to authenticate service account [elastic/fleet-server] with token name [fleet-token]",
        "header": {
          "WWW-Authenticate": [
            "Basic realm=\"security\" charset=\"UTF-8\"",
            "ApiKey"
          ]
        }
      }
    ],
    "type": "security_exception",
    "reason": "failed to authenticate service account [elastic/fleet-server] with token name [fleet-token]",
    "header": {
      "WWW-Authenticate": [
        "Basic realm=\"security\" charset=\"UTF-8\"",
        "ApiKey"
      ]
    }
  },
  "status": 401
}
It clearly understands the token because it provides the token name in the error message. The permissions for that service account are below:
"elastic/fleet-server" : {
  "role_descriptor" : {
    "cluster" : [
      "monitor",
      "manage_own_api_key"
    ],
    "indices" : [
      {
        "names" : [
          "logs-*",
          "metrics-*",
          "traces-*",
          "synthetics-*",
          ".logs-endpoint.diagnostic.collection-*",
          ".logs-endpoint.action.responses-*"
        ],
        "privileges" : [
          "write",
          "create_index",
          "auto_configure"
        ],
        "allow_restricted_indices" : false
      },
      {
        "names" : [
          ".fleet-*"
        ],
        "privileges" : [
          "read",
          "write",
          "monitor",
          "create_index",
          "auto_configure",
          "maintenance"
        ],
        "allow_restricted_indices" : false
      }
    ],
    "applications" : [
      {
        "application" : "kibana-*",
        "privileges" : [
          "reserved_fleet-setup"
        ],
        "resources" : [
          "*"
        ]
      }
    ],
    "run_as" : [ ],
    "metadata" : { },
    "transient_metadata" : {
      "enabled" : true
    }
  }
}
I am running Elastic/Kibana/Elastic-Agent with Docker, version 7.17.6.
The documentation seems fairly straightforward, so I'm not sure where to go from here. Any thoughts?
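
Added example, not part of the original post and not Elastic's code: the token name in the 401 is read out of the bearer string itself, so seeing it in the error shows only that the token parsed, not that the node holds a matching credential (tokens made with bin/elasticsearch-service-tokens are stored in the service_tokens file in the config directory of the node where the command ran). The sketch assumes the bearer layout is unpadded base64 of a 4-byte prefix followed by namespace/service/token-name:secret; parse_service_token, constructed_token and the sample values are constructed for illustration.

```python
import base64

# Assumed layout of a service account bearer token:
#   base64( 0x00 0x01 0x00 0x01 || "namespace/service/token-name" || ":" || secret )
PREFIX = b"\x00\x01\x00\x01"


def parse_service_token(bearer: str) -> dict:
    """Return the account and token name embedded in a bearer token.

    The secret itself is never returned, only its length, so the result
    is safe to paste into a ticket or log.
    """
    padded = bearer + "=" * (-len(bearer) % 4)  # tolerate missing padding
    raw = base64.b64decode(padded, validate=True)
    if not raw.startswith(PREFIX):
        raise ValueError("missing service-token prefix")
    qualified, sep, secret = raw[len(PREFIX):].partition(b":")
    parts = qualified.decode("utf-8").split("/")
    if not sep or not secret or len(parts) != 3 or not all(parts):
        raise ValueError("expected namespace/service/token-name:secret")
    return {
        "account": "/".join(parts[:2]),
        "token_name": parts[2],
        "secret_len": len(secret),
    }


def constructed_token(account: str, name: str, secret: str) -> str:
    """Build a sample token in the assumed layout (constructed test data)."""
    raw = PREFIX + f"{account}/{name}:{secret}".encode("utf-8")
    return base64.b64encode(raw).decode("ascii").rstrip("=")


if __name__ == "__main__":
    sample = constructed_token("elastic/fleet-server", "fleet-token",
                               "constructed-secret-value")
    info = parse_service_token(sample)
    # The name matches what the 401 reports, yet nothing here proves the
    # secret matches a hash stored on the node that answered the request.
    print(info)
```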

Related

AppointmentType resource

I need to return AppointmentTypes as a FHIR resource. Unfortunately, I couldn't find it as an official FHIR resource format.
My best guess would be to create a Basic resource, like this:
{
"resourceType": "Basic",
"id" : "id-of-appointment-type",
"identifier" : [
{
"use" : "secondary",
"system" : "http://myUrl/myIdentifier",
"value" : "7"
}
],
"code" : {
"coding": [
{
"system": "http://myUrl/appointment-type",
"code": "appointment-type"
}
]
},
"text" : {
"status" : "generated",
"div" : "<div xmlns=\"http://www.w3.org/1999/xhtml\">AppointmentType</div>"
},
"extension": [
{
"url": "http://myUrl/appointment-type-name",
"valueString": "New Patient"
},
{
"url": "http://myUrl/appointment-type-availability",
"valueBoolean": true
}
],
"meta" : {
"lastUpdated" : "2020-05-27T00:00:00.000Z"
}
}
Would this be the right way to create the AppointmentType resource?
I don't see any obvious issues, but did you evaluate using CodeSystem? You can define properties on CodeSystem codes which would be able to distinguish available from non-available appointment types - and that would work better with Appointment, where 'type' is expected to be a code.

elasticsearch default credentials

I've found that the default credentials for ES are elastic:changeme, but it's not working for me! Am I missing something?
The error:
{
  "error": {
    "root_cause": [
      {
        "type": "security_exception",
        "reason": "failed to authenticate user [elastic]",
        "header": {
          "WWW-Authenticate": "Basic realm=\"security\" charset=\"UTF-8\""
        }
      }
    ],
    "type": "security_exception",
    "reason": "failed to authenticate user [elastic]",
    "header": {
      "WWW-Authenticate": "Basic realm=\"security\" charset=\"UTF-8\""
    }
  },
  "status": 401
}
I have found the solution:
Just run the command bin/elasticsearch-setup-passwords auto -u "http://localhost:9200" in cmd and the passwords will be regenerated and printed in the console.

How to add cognito user pool authorizer to Lambda Proxy integration in Cloud Formation Template?

I have the following cloud formation JSON template. This template is the default template provided by AWS for C#(Dotnet) Web API Lambda proxy integration.
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Transform" : "AWS::Serverless-2016-10-31",
"Description" : "An AWS Serverless Application that uses the ASP.NET Core framework running in Amazon Lambda.",
"Parameters" : {
"ShouldCreateBucket" : {
"Type" : "String",
"AllowedValues" : ["true", "false"],
"Description" : "If true then the S3 bucket that will be proxied will be created with the CloudFormation stack."
},
"BucketName" : {
"Type" : "String",
"Description" : "Name of S3 bucket that will be proxied. If left blank a new table will be created.",
"MinLength" : "0"
}
},
"Conditions" : {
"CreateS3Bucket" : {"Fn::Equals" : [{"Ref" : "ShouldCreateBucket"}, "true"]},
"BucketNameGenerated" : {"Fn::Equals" : [{"Ref" : "BucketName"}, ""]}
},
"Resources" : {
"ProxyFunction" : {
"Type" : "AWS::Serverless::Function",
"Properties": {
"Handler": "DotnetLanmada::DotnetLanmada.LambdaEntryPoint::FunctionHandlerAsync",
"Runtime": "dotnetcore2.0",
"CodeUri": "",
"MemorySize": 256,
"Timeout": 30,
"Role": null,
"Policies": [ "AWSLambdaFullAccess" ],
"Environment" : {
"Variables" : {
"AppS3Bucket" : { "Fn::If" : ["CreateS3Bucket", {"Ref":"Bucket"}, { "Ref" : "BucketName" } ] }
}
},
"Events": {
"PutResource": {
"Type": "Api",
"Properties": {
"Path": "/{proxy+}",
"Method": "ANY"
}
}
}
}
},
"Bucket" : {
"Type" : "AWS::S3::Bucket",
"Condition" : "CreateS3Bucket",
"Properties" : {
"BucketName" : { "Fn::If" : ["BucketNameGenerated", {"Ref" : "AWS::NoValue" }, { "Ref" : "BucketName" } ] }
}
}
},
"Outputs" : {
"S3ProxyBucket" : {
"Value" : { "Fn::If" : ["CreateS3Bucket", {"Ref":"Bucket"}, { "Ref" : "BucketName" } ] }
}
}
}
This template creates a Lambda function, API Gateway, and an S3 bucket. All the requests to API Gateway are proxied to the Lambda function. I want to authenticate all the requests to API Gateway using an existing Cognito user pool. Basically, the API Gateway will have a Cognito user pool authorizer and the proxy function is authorized with that. Since the API Gateway creation part is hidden in this template, I have no clue how to add a Cognito user pool authorizer here.
Thanks in advance.
One way to achieve what you want is to export the ARN of your Lambda function, and then import it into your API Gateway stack.
To export your function's ARN, in your Outputs section add:
"Function": {
  "Value": { "Fn::GetAtt" : [ "ProxyFunction", "Arn" ] },
  "Export": {
    "Name": "ProxyFunction::Arn"
  }
}
You will also need to have an invocation permission for API Gateway to invoke your function. You can add something like this to your stack:
"LambdaInvocationPermission": {
  "Type": "AWS::Lambda::Permission",
  "Properties": {
    "Action": "lambda:InvokeFunction",
    "FunctionName": { "Fn::GetAtt" : [ "ProxyFunction", "Arn" ] },
    "Principal": "apigateway.amazonaws.com"
  }
}
Then in your API Gateway stack, you can reference your function's ARN with
{ "Fn::ImportValue" : "ProxyFunction::Arn" }

Google compute engine API:backendError(503)

I am having trouble figuring out the problem with the API hit to create a Google virtual machine through Google Compute Engine API.
URL: https://cloud.google.com/compute/docs/reference/latest/instances/insert?apix=true#examples
My request data is:
{
"machineType": "zones/us-central1-c/machineTypes/f1-micro",
"name": "api-test",
"networkInterfaces": [
{
"accessConfigs": [
{
"type": "ONE_TO_ONE_NAT",
"name": "External NAT"
}
],
"network": "global/networks/default"
}
],
"disks": [
{
"boot": true,
"autoDelete": true,
"type": "SCRATCH"
}
]
}
and I am getting output:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "backendError",
"message": "Code: '55C355EC47648.A8E5D85.FA0DAF10'"
}
],
"code": 503,
"message": "Code: '55C355EC47648.A8E5D85.FA0DAF10'"
}
}
It doesn't give me any reason for the error. The same issue occurs when I hit the API using the Ruby library. Authentication is fine, as I can do various other things like getting the images and running instances data. Please help me out.
Figured out the problem. We have to use the disks type as "PERSISTENT" rather than "SCRATCH" and specify the disks["initializeParams"]["sourceImage"] as an existing image from https://console.cloud.google.com/compute/images and then use it like this in the request body of your request:
{
"name": "api-test3",
"machineType": "zones/us-central1-c/machineTypes/f1-micro",
"networkInterfaces": [
{
"accessConfigs": [
{
"type": "ONE_TO_ONE_NAT",
"name": "External NAT"
}
],
"network": "global/networks/default"
}
],
"disks": [
{
"boot": "true",
"type": "PERSISTENT",
"autoDelete": "true",
"initializeParams": [
{
"sourceImage": "global/images/ubuntu-1404-lts"
}
]
}
]
}

LBCookieStickinessPolicy - cloudformation

I am not able to set LBCookieStickinessPolicy for ELB using the cloudformation script.
"LBCookieStickinessPolicy": [
  {
    "PolicyName": "Sample",
    "CookieExpirationPeriod": "180"
  }
]
You need to associate this policy with a listener. Include the policy name in the listener's PolicyNames property.
"LBCookieStickinessPolicy" : [ {
  "PolicyName" : "Sample",
  "CookieExpirationPeriod" : "180"
} ],
"Listeners" : [ {
  "LoadBalancerPort" : "80",
  "InstancePort" : { "Ref" : "InstancePort" },
  "Protocol" : "HTTP",
  "PolicyNames" : [ "Sample" ]
} ],
