Develop Reference

Elastic fleet server, authenticate with service account token 401

I am following the guides here to create a token for the elastic/fleet-server service account.
I successfully created the token with the command:
bin/elasticsearch-service-tokens create elastic/fleet-server fleet-token
and try to execute the request http://localhost:9200/_security/_authenticate with the bearer authorization. I receive the following error:
{
"error": {
"root_cause": [
{
"type": "security_exception",
"reason": "failed to authenticate service account [elastic/fleet-server] with token name [fleet-token]",
"header": {
"WWW-Authenticate": [
"Basic realm=\"security\" charset=\"UTF-8\"",
"ApiKey"
]
}
}
],
"type": "security_exception",
"reason": "failed to authenticate service account [elastic/fleet-server] with token name [fleet-token]",
"header": {
"WWW-Authenticate": [
"Basic realm=\"security\" charset=\"UTF-8\"",
"ApiKey"
]
}
},
"status": 401
}
It clearly understands the token because it provides the token name in the error message. The permissions for that service account are below:
"elastic/fleet-server" : {
"role_descriptor" : {
"cluster" : [
"monitor",
"manage_own_api_key"
],
"indices" : [
{
"names" : [
"logs-*",
"metrics-*",
"traces-*",
"synthetics-*",
".logs-endpoint.diagnostic.collection-*",
".logs-endpoint.action.responses-*"
],
"privileges" : [
"write",
"create_index",
"auto_configure"
],
"allow_restricted_indices" : false
},
{
"names" : [
".fleet-*"
],
"privileges" : [
"read",
"write",
"monitor",
"create_index",
"auto_configure",
"maintenance"
],
"allow_restricted_indices" : false
}
],
"applications" : [
{
"application" : "kibana-*",
"privileges" : [
"reserved_fleet-setup"
],
"resources" : [
"*"
]
}
],
"run_as" : [ ],
"metadata" : { },
"transient_metadata" : {
"enabled" : true
}
}
}
I am running Elastic/Kibana/Elastic-Agent with Docker, version 7.17.6.
The documentation seems fairly straight forward so not sure where to go from here. Any thoughts?

laravel graphql playground Client authentication failed", for login access

I am working on a project where i'm facing problem while configuring graphql. When i'm trying to login it shows error on client authentication. Here's the code i have now:
mutation{
login(data:{
username:"avc#gmail.com",
password:"123456789",
}){
access_token
}
}
error is:
{
"errors": [
{
"message": "Client authentication failed",
"extensions": {
"guards": [],
"category": "authentication"
},
"locations": [
{
"line": 2,
"column": 3
}
],
"path": [
"login"
],

this problem Solution command is
php artisan passport:client --password password
That means you have create client password

How to handle empty field names in ElasticSearch?

I'd like to log users' input to my RESTful API for debugging purpose but whenever there's an empty field in the JSON payload, an error is generated and the log is discarded.
For instance,
{
"extra": {
"request": {
"body": {
"": ""
}
}
}
}
...will result in
{
"error": {
"root_cause": [
{
"type": "mapper_parsing_exception",
"reason": "failed to parse"
}
],
"type": "mapper_parsing_exception",
"reason": "failed to parse",
"caused_by": {
"type": "illegal_argument_exception",
"reason": "field name cannot be an empty string"
}
},
"status": 400
}
It seems to be caused by https://github.com/elastic/elasticsearch/blob/45e7e24736eeb4a157ac89bd16a374dbf917ae26/server/src/main/java/org/elasticsearch/index/mapper/DocumentParser.java#L191.
It's a bit tricky since it happens in the parsing phase... Is there any workaround to remove/rename such fields so that it can enable ES to digest these logs?

Google Plus Domains Api insert Activities in error

I try to create activity through the form 'Google+ Domains API v1' with 'plusDomains.activities.insert'
I use scopes :
https://www.googleapis.com/auth/plus.login
https://www.googleapis.com/auth/plus.me
https://www.googleapis.com/auth/plus.stream.write
Request is : https://www.googleapis.com/plusDomains/v1/people/me/activities?preview=true&fields=access&key={YOUR_API_KEY}
parameters :
{
"object": {
"originalContent": "Test"
},
"access": {
"items": [
{
"type": "domain"
}
],
"domainRestricted": true
}
}
but I have the following error :
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Forbidden"
}
],
"code": 403,
"message": "Forbidden"
}
and I have this message :
You do not have permission to execute this method.

This API call requires OAUTH2.0 authorization not an API key. That's the reason you're getting the error.
It's clearly stated in Activities.insert:
"Requires authorization"
To prove this, give the Try-it a go. It uses OAuth2. Your request should work.

Create and Share bucket in google cloud storage using google api's

i need to create and share a bucket in gcloud storage using google api's. but i got an error when am tring with postman(rest client).
Iam trying with
url
-------
https://www.googleapis.com/storage/v1/b?project=testproject
request body
------------
{
"name":"testbucketmanafnew"
}
i got an error
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
after iam created an access tocken using OAuth 2.0 Playground. And added to header
Authorization = ya29.VALUE_REDACTED
But i got error
{
"error": {
"errors": [
{
"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Invalid Credentials"
}
}
what did i miss?
using Google api explorer, am able to call api's successfully
POST https://www.googleapis.com/storage/v1/b?project=testproject&key={YOUR_API_KEY}
{
"name": "testmanafcjbucketyy"
}

Authorization needs to be passed in the following format.
Authorization: Bearer [oauth2_token]
if you're using Postman the "Header" field becomes Authorization and the "Value" field becomes Bearer[WHITESPACE][oauth2_token]