search

cyberark / conjur-quickstart

Start securing your secrets and infrastructure by installing Conjur, using Docker and the official Conjur containers on DockerHub.
Apache License 2.0
33 stars 36 forks source link

Not able to Access Conjur REST APIs on gitbash and postman #40

Closed ravics09 closed 3 years ago

ravics09 commented 3 years ago

Using conjur cli I able to use REST APIs to store and fetch secret (using host http://conjur). Like to set secret for username curl -H "$(conjur authn authenticate -H)" http://conjur/secrets/conjurAccount/variable/root%2Fdb%2Fusername --data "ravics09" But when I try same command in git bash I am getting error: curl: (28) Failed to connect to 192.168.29.227 port 808: Timed out

Why Its trying to connect with given IP? Is any port mapping require ? Or What setting require so I can test those REST APIs using postman?

My conjur server running on localhost port 8080. docker1

rpothier commented 3 years ago

Hi @ravics09 Can you share a little more setup information? What is the working configuration, is the working case on the same machine? Is postman being used in the working case? There shouldn't be a mapping, have you tried with setting the explicit port in the command?

ravics09 commented 3 years ago

Hi @rpothier ,

Setup Information: Docker version - 2.5.0 OS - Windows 10 Yes I am trying postman on same machine to test conjur REST APIs. How I can set explicit port with the command.

Docker Setting

docker setting

default.config file config

On conjur CLI I able to access those api. like conjurcli

But when I try to access http://conjur using curl command on git bash I am not getting correct output. failed

venkatesh22pv commented 3 years ago

I too trying same kind of scenario...trying to get secret from postman using restapi. Any solution found???

rpothier commented 3 years ago

Hi @ravics09 In the git bash case shouldn't that be run inside the container? i.e. docker-compose exec client curl ...

ravics09 commented 3 years ago

Hi @rpothier , Yes In git bash using docker-compose..... I am getting Authorization missing bash

But After adding token manually it worked. token

In case of postman, I am still facing issue. How we can access conjur rest apis in postman? I searched regarding it but didn't find anything on internet.

venkatesh22pv commented 3 years ago

guys is there any way to can access conjur rest apis in postman???

rpothier commented 3 years ago

OK, thanks @ravics09 . So now it's ok with gitbash, and only an issue with Postman, is this correct?

rpothier commented 3 years ago

Also, @ravics09 and @venkatesh22pv for questions on the API to use in postman, you can refer to https://github.com/cyberark/conjur-openapi-spec/wiki

ravics09 commented 3 years ago

Thanks @rpothier

I have given sometime on it and got success to access conjur api on postman. Still one issue there for each api request I have to add access token manually in the request header.

Below request not generating token automatically curl -H "$(conjur authn authenticate -H)" http://localhost:8080/whoami

So I tried below code and added token manually and it worked.

curl --request GET \
--url http://localhost:8080/whoami  \
--header 'authorization: Token token="XXXXXXXXX"

"$(conjur authn authenticate -H)"

is not working with postman to generate token. Can you help me in it ? @rpothier @izgeri

rpothier commented 3 years ago

Hi @ravics09 How are you generating the token? Are you generating from the gitbash shell or the docker container. you can generate the token by calling the docker container like this. curl -H "$(docker-compose exec client conjur authn authenticate -H)" -k https://localhost:8443/whoami

john-odonnell commented 3 years ago

@ravics09 I've done a little digging into your issue.

Git-Bash

I think the problem you're experiencing is that the "$(conjur authn authenticate -H)" command substitution is occurring in your shell, and not in the client service, where the conjur executable resides.

This can be fixed by executing the command as a string, and escaping the contained " and $. This version of the command will substitute the authentication command from the shell of the client service, where it will execute successfully.

docker-compose exec client sh -c "curl -H \"\$(conjur authn authenticate -H)\" http://conjur/whoami"

Postman

I would like to understand the problem you're having with Postman further, as I'm currently working on a guide for exploring the Conjur API using Postman and the Conjur OpenAPI Spec. I have a preliminary version here if you want to take a look, any feedback is appreciated.

I think the problem is similar to the Git-Bash problem, where you are evoking conjur outside of the conjur-cli. In what context are you using the command $(conjur authn authenticate -H) in Postman? As a pre-request hook?

ravics09 commented 3 years ago

Hi @rpothier , I am trying to generate token in postman. I tried curl -H "$(docker-compose exec client conjur authn authenticate -H)" -k https://localhost:8443/whoami

But its giving Authorization missing in response.

I don't want to generate access token in cli and use that in api call instead I want to generate access token with the api request in postman.

rpothier commented 3 years ago

Hi @ravics09 For the issues with Postman, please refer to @john-odonnell comments and the links he provided.

rpothier commented 3 years ago

Hi @ravics09 Since the remaining questions are with Postman, can we close this issue?