NIFI nipyapi.nifi.rest.ApiException: (401) Reason: Unauthorized. KNOX Gateway - apache-nifi

During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/sam/Documents/freenet/nifi-automation/src/compose.py", line 122, in <module>
compose_services(env_config, types, NIFI_VERSION, False, bench)
File "/home/sam/Documents/freenet/nifi-automation/src/compose.py", line 11, in compose_services
pg = ProcessorGroups(NIFI_VERSION)
File "/home/sam/Documents/freenet/nifi-automation/src/components/processor_group.py", line 9, in __init__
processor_groups = nipyapi.canvas.list_all_process_groups(pg_id='root')
File "/home/sam/Documents/freenet/nifi-automation/venv/lib/python3.6/site-packages/nipyapi/canvas.py", line 178, in list_all_process_groups
root_flow = recurse_flow(pg_id)
File "/home/sam/Documents/freenet/nifi-automation/venv/lib/python3.6/site-packages/nipyapi/canvas.py", line 64, in recurse_flow
return _walk_flow(get_flow(pg_id))
File "/home/sam/Documents/freenet/nifi-automation/venv/lib/python3.6/site-packages/nipyapi/canvas.py", line 85, in get_flow
raise ValueError(err.body)
ValueError: No applicable policies could be found. Contact the system administrator.
Process finished with exit code 1
I have a few NIFI automation scripts which work perfectly fine when I run them on an unsecure cluster (localhost or somewhere), but I get this error when I run against a URL which is behind the KNOX gateway.
I can see a few functions in the nipyapi.access_api class:
def knox_callback(**kwargs)
def knox_callback_with_http_info(self, **kwargs):
def knox_request(self, **kwargs):
def knox_request_with_http_info(self, **kwargs):
I can't understand how any of these, alone or in combination with any other function from the class, is/are to be used to overcome this. Any idea?
EDIT 1:
I'm using the security.py functions; the first is secure_login. In the docs it's written: "Login requires a secure connection over https. Prior to calling this method, the host must be specified and the SSLContext should be configured (if necessary)."
The set_service_ssl_context function serves that purpose, but I'm not sure whether I need it or not, as for one-way TLS it isn't required.
But I have a confusion. I have two URLs: one Knox URL with LDAP login, the other a direct URI (although it also redirects to the Knox-LDAP sequence). When I give the Knox URL I get a different error as compared to the direct one.
From the direct URI I get:
File "/nipyapi/security.py", line 130, in service_login
username=username, password=password)
nipyapi.nifi.rest.ApiException: (409)
Reason: Conflict
HTTP response body: Username/Password login not supported by this NiFi.
And in the case of the Knox URI it throws the same connection error exception on the same lines, but:
nipyapi.nifi.rest.ApiException: (404)
Reason: Not Found
So I'm assuming I have to use the direct URL. Secondly, why does it say user not for? I can log in manually from the LDAP sequence.
My current request is going as an anonymous user, so I'm going to use the certs and try the set_service_ssl_context function with the PEM files.
Btw, below are the two URLs.
"nifi_host": "https://****.****.net:8443/nifi-api", DIRECT URL
"nifi_host": "https://****-****.****.net:8443/gateway/****-sso/nifi-api", knox url
EDIT 2:
My request is being received as anonymous at the server even with the following code:
nipyapi.security.set_service_ssl_context(service='nifi', ca_file=None, client_cert_file="bi.keystore", client_key_file=None, client_key_password="infraop6043")
nipyapi.security.service_login(username='myuser', password='mypass')
It gives a Connection Error here:
nipyapi.nifi.AccessApi().create_access_token(username=username, password=password)
and shows this error: HTTP response body: Username/Password login not supported by this NiFi
I'm not sure how to use set_service_ssl_context properly. Maybe instead of bi.keystore I should try using directly the letsencrypt-root-ca (letsencrypt.org/certs/isrgrootx1.pem.txt) or my local system ca-certs.
My properties file for toolkit-cli was:
baseUrl=https://svc-hadoop-utilities-pre-c3-02.jamba.net:18443
keystore=/home/jread/nifi-toolkit/bi.keystore
keystoreType=JKS
keystorePasswd=infraop6043
keyPasswd=
truststore=/usr/lib/java/jre/lib/security/cacerts
truststoreType=JKS
truststorePasswd=changeit
proxiedEntity=CN=bijobs.jamba.net
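One thing worth checking before the next attempt is the container format of the files passed to set_service_ssl_context. This is an added example, not part of nipyapi or of the question's scripts. nipyapi's function builds a standard-library ssl.SSLContext and loads ca_file / client_cert_file / client_key_file through load_verify_locations() and load_cert_chain(), which read PEM-encoded files; a Java keystore (JKS, the keystoreType the toolkit-cli properties above name for bi.keystore) or a PKCS#12 bundle is a binary container and cannot be loaded that way, so the TLS handshake carries no client identity. The check below sniffs the format from the leading bytes and mirrors nipyapi's keyword names; every byte string in it is constructed, not real key material.

```python
"""Pre-flight check of the files handed to nipyapi.security.set_service_ssl_context().

Added example. nipyapi loads these files into an ssl.SSLContext, whose loaders
accept PEM only, so a JKS or PKCS#12 container is caught here before a request
goes out. All sample material is constructed, not real key data.
"""
import ssl
import tempfile
from typing import Dict, List, Optional

JKS_MAGIC = b"\xfe\xed\xfe\xed"        # Java KeyStore file header
PEM_MARKER = b"-----BEGIN "            # every PEM block opens with this
PRIVATE_KEY_MARKER = b"PRIVATE KEY-----"


def classify_key_material(data: bytes) -> str:
    """Return 'jks', 'pem', 'der' or 'unknown' for the contents of a key/cert file."""
    if data.startswith(JKS_MAGIC):
        return "jks"
    if data.lstrip().startswith(PEM_MARKER):
        return "pem"
    if data[:1] == b"\x30":            # ASN.1 SEQUENCE: DER cert, DER key or PKCS#12
        return "der"
    return "unknown"


def find_problems(material: Dict[str, Optional[bytes]]) -> List[str]:
    """Check the set_service_ssl_context() file arguments, given as their bytes.

    Keys are the nipyapi parameter names; None means the argument was not supplied.
    Returns human-readable problems; an empty list means the inputs look usable.
    """
    problems = []
    for name in ("ca_file", "client_cert_file", "client_key_file"):
        data = material.get(name)
        if data is None:
            continue
        kind = classify_key_material(data)
        if kind != "pem":
            problems.append(
                f"{name}: {kind} container, but ssl.SSLContext loads PEM only "
                "(export the cert and key to PEM with keytool/openssl first)")
    cert = material.get("client_cert_file")
    key = material.get("client_key_file")
    if cert is not None and key is None and PRIVATE_KEY_MARKER not in cert:
        problems.append(
            "client_cert_file given without client_key_file, and the cert PEM "
            "carries no private key, so no client identity can be presented")
    return problems


def check_files(ca_file=None, client_cert_file=None, client_key_file=None) -> List[str]:
    """Same check over paths, mirroring the nipyapi keyword arguments."""
    def read(path):
        if path is None:
            return None
        with open(path, "rb") as handle:
            return handle.read()
    return find_problems({"ca_file": read(ca_file),
                          "client_cert_file": read(client_cert_file),
                          "client_key_file": read(client_key_file)})


def ssl_accepts(cert_path: str, key_path: Optional[str] = None) -> bool:
    """True if the standard library can load the pair, which is what nipyapi relies on."""
    try:
        ssl.create_default_context().load_cert_chain(cert_path, key_path)
        return True
    except ssl.SSLError:
        return False


if __name__ == "__main__":
    # Constructed stand-in for bi.keystore: a JKS header followed by filler bytes.
    fake_jks = JKS_MAGIC + b"\x00\x00\x00\x02" + b"\x00" * 16
    for problem in find_problems({"client_cert_file": fake_jks, "client_key_file": None}):
        print("problem:", problem)
    with tempfile.NamedTemporaryFile(suffix=".keystore", delete=False) as tmp:
        tmp.write(fake_jks)
    print("ssl.SSLContext accepts the JKS file:", ssl_accepts(tmp.name))
```

Running check_files(client_cert_file="bi.keystore") against the real file reports the JKS container immediately; once the certificate and key are exported to PEM, ssl_accepts() on the pair is the same load that nipyapi performs, so a True there means the remaining anonymous-user symptom lies in NiFi's authorizer (policies) rather than in the TLS material.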

The error message you have, 'No applicable policies could be found. Contact the system administrator.', is typically produced by the Ranger plugin when security is enabled and the user you are connecting with is not permitted; I have not seen Knox produce it.
Can you confirm that you have not enabled Ranger without policies when you enabled Knox for NiFi, and that this is the error message you are getting?
If you look in the nifi-app.log I suspect you'll see the same error being produced, which would suggest to me that NiPyApi is just transporting the error that NiFi is generating due to an incomplete security setup.

Related

slash command "dispatch_failed"

I have gone through creating the custom slash command configuration via Slack and installed it on a workspace. However, when I run it I get this:
/testing failed with the error "dispatch_failed"
I tried multiple workspaces but got the same issue. Anyone experienced this?
So after a few tests, I found out that this is just a generic message for anything that fails at Slack at this point. At first my endpoint was unreachable, so it was returning this message. I fixed that and used ngrok for a tunnel so that I could debug, and that is how I found this issue.
Also, this error can occur due to the following reasons as well:
Errors in code
Unreachable backend or invalidly configured slash command in the app
While the documentation tells you:
"use the Request URL is your base server link + "/slashcommand" after it"
This is incorrect. The request URL should be: "/slack/events"
Of course the command needs to match what's in the 'edit command' window and in the method '.command' in your app.js:
app.command('/flash-card', async ({ ack, body, client }) => {
    await ack();
    // ... handle the command
});
If you're using ngrok http <port> to test on your localhost, be aware that a new ngrok public URL is created every time you run this command. So in https://api.slack.com/apps, in your app's Features, you may have to update your Slash Command's request URL with the current ngrok URL generated for you.
You need to set the Method in the Integration Settings to GET; it defaults to POST.
This is also the error for a 404 Not Found.
If you're developing offline with ngrok, the 404 error can be seen in the terminal.
If you're deploying with serverless, ensure that you're handling the new endpoint /slack/command. One solution is to create a separate handler, i.e. /command.js:
functions:
  slack:
    handler: app.handler
    events:
      - http:
          path: slack/events
          method: post
  command:
    handler: command.handler
    events:
      - http:
          path: slack/command
          method: post
[If your code is executing and you still have this error]
In my case, using Slack Bolt with JS, I forgot to add
await ack();
in the called function, so the Slack API threw an error.
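The two failure modes the answers above describe, a Request URL that does not match the route (a 404) and a handler that never acknowledges, can be reproduced outside of Slack. This is an added example, not code from any of the answers, and it is in Python rather than the JavaScript Bolt app the answers use; it relies on the standard library only. Slack posts a slash command as a form body, signs each request with the app's signing secret (HMAC-SHA256 over "v0:<timestamp>:<body>", carried in X-Slack-Signature beside X-Slack-Request-Timestamp) and needs an HTTP 200 back within 3 seconds; a wrong path, a rejected signature or a missing reply all surface in Slack as dispatch_failed. The path /slack/events and the command /flash-card come from the thread; the signing secret and the user id are placeholders.

```python
"""Slash-command receiver logic: route, verify the Slack signature, acknowledge.

Added example, standard library only. The signing secret, user id and the
request built by signed_request() are constructed placeholders.
"""
import hashlib
import hmac
import json
import time
from typing import Dict, Tuple
from urllib.parse import parse_qs, urlencode

SIGNING_SECRET = "constructed-signing-secret"   # placeholder; load the real one from the environment
REQUEST_PATH = "/slack/events"                    # must match the Request URL configured in Slack
HANDLED_COMMANDS = {"/flash-card"}                # must match the 'edit command' window
MAX_SKEW_SECONDS = 300                            # reject replayed requests older than five minutes


def slack_signature(secret: str, timestamp: str, body: str) -> str:
    """Signature Slack computes: HMAC-SHA256 over 'v0:<timestamp>:<raw body>'."""
    base = f"v0:{timestamp}:{body}".encode()
    return "v0=" + hmac.new(secret.encode(), base, hashlib.sha256).hexdigest()


def signature_valid(secret: str, headers: Dict[str, str], body: str, now=None) -> bool:
    """Check timestamp freshness and the signature in constant time."""
    ts = headers.get("X-Slack-Request-Timestamp", "")
    given = headers.get("X-Slack-Signature", "")
    if not ts.isdigit() or not given:
        return False
    current = now if now is not None else time.time()
    if abs(current - int(ts)) > MAX_SKEW_SECONDS:
        return False
    return hmac.compare_digest(slack_signature(secret, ts, body), given)


def handle_request(method: str, path: str, headers: Dict[str, str], body: str, now=None) -> Tuple[int, str]:
    """Return (status, response body) exactly as the HTTP layer should send them."""
    if path != REQUEST_PATH:
        return 404, ""                 # wrong Request URL: Slack shows dispatch_failed
    if method != "POST":
        return 405, ""
    if not signature_valid(SIGNING_SECRET, headers, body, now):
        return 401, ""                 # forged or replayed request: never act on it
    form = {key: values[0] for key, values in parse_qs(body).items()}
    command = form.get("command", "")
    if command not in HANDLED_COMMANDS:
        return 404, ""                 # no handler registered: same symptom as a missing ack()
    # The acknowledgement: a 200 inside Slack's 3-second window. Slow work belongs
    # in a follow-up to response_url, not in front of this reply.
    text = f"Got {command} {form.get('text', '')}".strip()
    return 200, json.dumps({"response_type": "ephemeral", "text": text})


def signed_request(command: str, text: str, secret: str = SIGNING_SECRET, now=None) -> Tuple[Dict[str, str], str]:
    """Build (headers, body) the way Slack would; constructed for testing, not captured."""
    ts = str(int(now if now is not None else time.time()))
    body = urlencode({"command": command, "text": text, "user_id": "U000000"})
    headers = {"X-Slack-Request-Timestamp": ts,
               "X-Slack-Signature": slack_signature(secret, ts, body)}
    return headers, body


if __name__ == "__main__":
    headers, body = signed_request("/flash-card", "hello")
    print("correct path   :", handle_request("POST", "/slack/events", headers, body))
    print("docs' path     :", handle_request("POST", "/slashcommand", headers, body))
    forged = dict(headers, **{"X-Slack-Signature": "v0=" + "0" * 64})
    print("bad signature  :", handle_request("POST", "/slack/events", forged, body))
```

The 404 branch is the case from the answer recommending /slack/events, the unknown-command branch is the missing-ack case, and the signature check is what keeps an endpoint that is reachable through a public ngrok URL from acting on requests that did not come from Slack.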

Trying to set up CAS with my Laravel project

I am using subfission/cas for my application. I have followed all installation steps. I am using Windows, if that matters. More precisely, I have configured the following:
I ran the following in my terminal:
composer require "subfission/cas" "dev-master"
I configured my Kernel.php accordingly, adding the following:
'cas.auth' => 'Subfission\Cas\Middleware\CASAuth',
'cas.guest' => 'Subfission\Cas\Middleware\RedirectCASAuthenticated',
I ran the following command:
php artisan vendor:publish
I also set up my cas server in my cas.php config file:
'cas_hostname' => env('CAS_HOSTNAME', 'cas.myserver.me'),
'cas_real_hosts' => env('CAS_REAL_HOSTS', 'cas.myserver.me'),
What I want is a middleware for all my routes, so I added the following route rule in my routes:
Route::middleware(['cas.auth'])->group(function ()
{
    Route::get('/', function ()
    {
        return view('welcome');
    });
});
Basically, I want to redirect everyone who is not logged in to the login page whenever I access the main page (for now, I will add more routes in the future). What happens is that the users are redirected to the login page when they are not logged in, but after the login I receive the following error:
ErrorException (E_WARNING)
DOMDocument::loadXML(): Opening and ending tag mismatch: hr line 1 and body in Entity, line: 1
No matter what view I'm redirecting the user to. I tried the default welcome page as well as an empty view, but I still get the same error.
EDIT: I have used the dev-master branch from subfission/cas for the above error and after switching to 2.1.1, I get a different error:
session_name(): Cannot change session name when headers already sent
EDIT 2: I did some more digging and I enabled internal errors in my cas client class with:
libxml_use_internal_errors(true);
And now I get the following:
Authentication failure: SA not validated Reason: bad response from the CAS server
And the cas response is:
The thing is that I use the same CAS server for another 2 projects and it works well for those (but those aren't Laravel projects).
I know it's been a while, but for anyone else having issues like this, the issue is the protocol selected with which your web service communicates with your CAS (Central Authentication Service) provider. There are two main protocols used for SSO/CAS in this package:
SAML (Security Assertion Markup Language) version 1.1 & 2
CAS Protocol v3.0
[Confusingly enough, CAS protocol shares the same namespace as the service.]
The idea is to match the protocol and version with your identity provider. It sounds like your provider is using CASv3.0, which is why disabling SAML worked.
Also, if you enable debug mode, you will see further error details in your log file to help you troubleshoot.
Best of luck!
I managed to solve the issue by disabling SAML in the CAS config file:
'cas_enable_saml' => env('CAS_ENABLE_SAML', true),
change to
'cas_enable_saml' => env('CAS_ENABLE_SAML', false),

Retrieve last events from an Apache Camel route

When a Camel route starts, the status of the route changes. However, it happens that the route starts correctly but there are log warnings/errors during start/runtime (for example an incorrect password when starting an FTP component).
These events are logged to the console/log file. I want to get these events programmatically (outside the Camel DSL), for example getEvents(routeID, typeEvent, xNumberOfEvents){}.
Are these events cached somewhere by Camel? Can I retrieve the events by something like the ManagedRouteMBean? Or should I write my own caching mechanism using the event notifier (similar to the RiderEventNotifier example) or some kind of error handler?
For example, the following message is written to the log:
2018-10-11 22:15:24.719 WARN 3820 --- [ XNIO-2 task-12]
o.a.c.component.file.remote.FtpConsumer : Error auto creating directory:
due File operation failed: 530 This server does not allow plain FTP. You have
to use FTP over TLS.
. Code: 530. This exception is ignored.
org.apache.camel.component.file.GenericFileOperationFailedException: File
operation failed: 530 This server does not allow plain FTP. You have to use
FTP over TLS.
. Code: 530
The issue with the above is that the route starts up normally. So
ManagedRouteMBean route = context.getManagedRoute(id, ManagedRouteMBean.class);
RouteError lastError = route.getLastError();
returns no error.
Also, these seem not to be errors in the exchange, so the error handler or event notifiers don't intercept these messages.
I would like to intercept (and cache) such messages by route id.
There is a way to handle these kinds of warnings/errors with the normal error handler by use of a so-called bridgeErrorHandler. See: http://camel.apache.org/why-does-my-file-consumer-not-pick-up-the-file-and-how-do-i-let-the-file-consumer-use-the-camel-error-handler.html

Windows HTTP server API, UrlPrefix failing with Error 5, on HttpAddUrl

Good afternoon,
I'm following the example on Windows Http Server Api, found here:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa364640(v=vs.85).aspx
I get my project to compile and work when I enter http://localhost:8080/test as the URL into the HttpAddUrl function, and point my browser to http://localhost:8080/test on the same machine as I run the HTTP server in the above example.
The webpage shows the response and everything works well.
Here is my call to HttpAddUrl:
retCode = HttpAddUrl(
    hReqQueue,                      // Req Queue
    L"http://localhost:8080/test/", // Fully qualified URL
    NULL                            // Reserved
);
My problem, however, is sending the request from another machine on the same LAN.
I tried pointing the browser to http://192.168.1.2:8080/test/ but I got a 404 error.
Then I tried changing the HttpAddUrl function to:
retCode = HttpAddUrl(
    hReqQueue,                        // Req Queue
    L"http://192.168.1.2:8080/test/", // Fully qualified URL
    NULL                              // Reserved
);
This only returned retCode = 5 (which I also cannot determine the meaning of; if somebody can help me determine the enumeration for this error variable).
Does anybody know what I am supposed to enter into the HttpAddUrl function if I want to send an HTTP request from another machine to the local server?
Thanks,
-D
Resolved; it turns out I was not running Visual Studio with Admin privileges. Error 5 was the system error "Access Denied":
http://msdn.microsoft.com/en-us/library/windows/desktop/ms681382(v=vs.85).aspx
The URL of L"http://192.168.1.2:8080/test/" was correct.

xhrPost : from an http view to an https url

Using Dojo, is it possible to make an Ajax call using xhrPost from an HTTP view to an HTTPS URL?
The URL must be HTTPS (as defined in Struts).
If I simply set "MyCommand" as the 'url' parameter of the xhrGet, I get a 302 error code.
If I transform "MyCommand" using javascript to something like "https://......./servlet/MyCommand" I see the following error in Firebug : "uncaught exception: Permission denied to call method XMLHttpRequest.open".
I'm stuck using both approaches, the only solution I found is to remove the "https" clause in the struts configuration file, and of course this is not a correct solution :)
Thanks for any help.
Best regards,
Nils
A connection to HTTPS from HTTP involves a different port on the target. This violates the same-origin policy, which is enforced by the browser on the running JavaScript code.
It should work with an iframe.
dojo.io.iframe encapsulates this behaviour for you:
http://docs.dojocampus.org/dojo/io/iframe
If your server responds with a redirect to a non-SSL (correctly same-origin) page you should be able to read the response (because the iframe is now in the same origin).
