tls: failed to find any PEM data in certificate input - Vault API - consul

I am following this documentation (https://www.vaultproject.io/api-docs/secret/consul) for creating consul secret engine, create role and get a token. But I am getting a bit of misleading error when trying to get the token. Any ideas or similar issues?
here are the steps that I execute:
list roles
curl \
--header "X-Vault-Token: s.xxx" \
--request LIST \
https://vault.service.brain.consul:8200/v1/consul/roles \
--key /opt/vault/tls/vault.key \
--cert /opt/vault/tls/vault.pem \
--cacert /opt/vault/tls/cachain.pem
output
{"request_id":"a9a892e9-dba0-f6ca-b181-b16718db281d","lease_id":"","renewable":false,"lease_duration":0,"data":{"keys":["consul-worker"]},"wrap_info":null,"warnings":null,"auth":null}
show role
curl \
--header "X-Vault-Token: s.xxx" \
https://vault.service.brain.consul:8200/v1/consul/roles/consul-worker \
--key /opt/vault/tls/vault.key \
--cert /opt/vault/tls/vault.pem \
--cacert /opt/vault/tls/cachain.pem
output
{"request_id":"6b3b6dd8-ff30-eb91-20c6-3c0bd105be30","lease_id":"","renewable":false,"lease_duration":0,"data":{"lease":0,"local":false,"max_ttl":0,"policies":["agent"],"token_type":"client","ttl":0},"wrap_info":null,"warnings":null,"auth":null}
get role token
curl \
--header "X-Vault-Token: s.xxx" \
https://vault.service.brain.consul:8200/v1/consul/creds/consul-worker \
--key /opt/vault/tls/vault.key \
--cert /opt/vault/tls/vault.pem \
--cacert /opt/vault/tls/cachain.pem
output
{"errors":["1 error occurred:\n\t* tls: failed to find any PEM data in certificate input\n\n"]}

Related

Using Curl to upload files to S3 using Signature v4

I'm trying to upload a file to s3 using this curl command (can't use awscli)
src_file=/path/to/file.png
dest_file=test_image.png
bucket=mybucket.com
s3Key="<key>"
s3Secret="<secret>"
contentsha=`openssl sha256 ${src_file} | awk '{print $NF}'`
curl https://${bucket}.s3.amazonaws.com/${dest_file} \
-H "x-amz-content-sha256: ${contentsha}" \
--aws-sigv4 "aws:amz:us-east-1:s3" \
--user "${s3Key}:${s3Secret}" \
--upload-file "${src_file}" \
--insecure
but I keep getting this error:
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
What am I doing wrong?

How can my webapp be resolving with invalid Host?

No sure how this could happen but I am getting 404 errors where the request data in my sentry project makes no sense. The project is using CloudFlare for DNS then it goes through an AWS network.
curl \
-H "Accept: */*" \
-H "Content-Length: " \
-H "Content-Type: " \
-H "Host: ${ip}" \
-H "User-Agent: curl/7.64.1" \
-H "X-Amzn-Trace-Id: Root=[Filtered]" \
-H "X-Forwarded-For: [Filtered]" \
-H "X-Forwarded-Port: 443" \
-H "X-Forwarded-Proto: https" \
"http://${ip}/"
How can my project throw a 404 when the requests hitting it are http://${ip}/. I don't see how this request could resolve to the project.
What could be causing this?
How can this be resolving?
Is this an issue with CloudFlare or AWS?

file transfer from 1 remote server to another remote server without downloading file

I am trying to write a Bash script on my server (My Server) that will grab a file from one remote server (Source) and copy it to a Dropbox account (Destination). I need to get the file from Source via SFTP and will be copying it to Destination using the Dropbox API (HTTPS). So far I can get the file with:
curl -k "sftp://Source/file.txt" --user "me:mypasswd" -o "/test/file.txt" --ftp-create-dirs
and then copy it to Dropbox with
curl -X POST https://content.dropboxapi.com/2/files/upload \
--header "Authorization: Bearer " \
--header "Dropbox-API-Arg: {\"path\": \"/path/to/file.txt\",\"mode\": \"add\",\"autorename\": true,\"mute\": false,\"strict_conflict\": false}" \
--header "Content-Type: application/octet-stream" \
--data-binary #/test/file.txt
I'm guessing the "right" way to do this is to pipe the file from Source directly to Destination, but I'm just not sure how to go about putting them together.
This is definitely not my area of expertise, so I don't even know where to start - nested CURL calls? If anyone could point me in the right direction, I'd be most appreciative.
UPDATE
Here's the whole curl command I'm running:
curl -X POST https://content.dropboxapi.com/2/files/upload \
--header "Authorization: Bearer $token" \
--header "Dropbox-API-Arg: {\"path\": \"/xfer/chef.txt\",\"mode\": \"add\",\"autorename\": true,\"mute\": false,\"strict_conflict\": false}" \
--header "Content-Type: application/octet-stream" \
--data-binary "$(curl -k "http://marketing.dave0112.com/file.txt" --user "me:mypasswd")"
I was having issues with CURL not supporting SFTP so I changed to HTTP while i get that end sorted out. Not sure if that affects anything.
You can replace this line :
--data-binary #/test/file.txt
with
--data-binary #<(curl -k "sftp://Source/file.txt" --user "me:mypasswd")
If problems, try :
--data-binary "$(curl -k "sftp://Source/file.txt" --user "me:mypasswd")"

Unable to upload files using InvokeHTTP

Im trying to upload a file into Box using the box api through Nifi invokeHTTP
I was able to upload using the postman and trying to replicate the cURL in Nifi InvokeHTTP attributes. But getting the error "the request was rejected because no multipart boundary was found"
How do i pass the boundary value to "Content-Type" in InvokeHTTP processor?
curl -X POST \
https://upload.box.com/api/2.0/files/content \
-H 'Authorization: Bearer YXXXXXXXXXXXXXXXXXX' \
-H 'Content-Type: multipart/form-data; boundary=--------------------------044837558017023342962729' \
-H 'Cookie: box_visitor_id=5d1df6ab8c6781.68299959; site_preference=desktop' \
-H 'Host: upload.box.com' \
-H 'Postman-Token: d3a8b995-d3d7-473b-a117-981b22a72e69,9ca8ce6e-fe32-445b-b2c7-6722b4777a96' \
-H 'User-Agent: PostmanRuntime/7.15.2' \
-H 'cache-control: no-cache' \
-H 'content-type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW' \
-F file=#/C:/Users/xxxxxxx/Desktop/test.txt \
-F 'attributes={"name":"test.txt", "parent":{"id":"0"}}'
Following is the current processor configuration
InvokeHTTP configuration 1
InvokeHTTP configuration 2

Permission denied / Parse-migration

While following this guide(https://parse.com/migration), I run this command, as indicated, to check that things are working as expected:
curl -X POST \
-H "X-Parse-Application-Id: MY_APP_ID" \
-H "Content-Type: application/json" \
-d '{"score":1337,"playerName":"Sean Plott","cheatMode":false}' \
http://localhost:1337/parse/classes/GameScore
And I get this message:
{"code":119,"error":"Permission denied for action create on class GameScore."}
Where do I need to set the permissions, so that it is no more denied?

Resources