Cloudbreak Rest API usage

Hi

I'm trying to create a client app to connect to the Cloudbreak API to spin up and tear down a cluster. Unfortunately I'm running into problems even authenticating with the API.

Despite the API docs themselves being very clear, there are no examples or instructions on how to authenticate to the API in the first place.

I'm using the PreMade CloudBreak Deployer AMI.

Can someone please throw up a simple example of how to authenticate with the API? I'm using python and GoLang so an example in one of those languages would be most useful to me but anything would be helpful at this point.

1 ACCEPTED SOLUTION

Contributor

Hi,

Cloudbreak's authentication is standard OAuth2 and it is provided by UAA (https://github.com/cloudfoundry/uaa). So you must first obtain a token from the UAA identity server, running in a 2. docker container with cbd and then send this token to the Cloudbreak resource server in every API request.

There are different types of client applications for an OAuth2 resource server; Cloudbreak has 2 implemented clients, a CLI and the web UI. The web UI uses the standard "authorization code" flow, while the CLI uses the much simpler "implicit grant" flow. So first you should decide which flow you'd like to use. Are you developing a web app, or some kind of CLI?

The implicit grant token request can be done with a simple curl for example (cloudbreak_shell is a registered application in the UAA db, you may want to add a new application there):

export TOKEN=$(curl -iX POST -H "accept: application/x-www-form-urlencoded" -d 'credentials={"username":"admin@example.com","password":"<password>"}' "http://<cloudbreak-url>:8089/oauth/authorize?response_type=token&client_id=cloudbreak_shell&scope.0=openid&source=login&redirect_uri=http://cloudbreak.shell" | grep Location | cut -d'=' -f 3 | cut -d'&' -f 1)

After you have a token (that's the hard part), you should send that token to Cloudbreak in every request header like this:

curl -X DELETE -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" http://localhost:9091/api/v1/stacks/44/cluster

For an authorization grant flow example you can check out the webUI, especially these lines in the nodejs code:

https://github.com/sequenceiq/cloudbreak/blob/master/web/server.js#L217

https://github.com/sequenceiq/cloudbreak/blob/master/web/server.js#L179

Marton
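The token request and bearer header from the answer above, written in Python as an added example (not part of the original post and not Cloudbreak's own client code). The function names are illustrative; the endpoint, client_id, scope and redirect_uri are taken from the curl command, and the token is read from the redirect's fragment by parameter name instead of by position.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# client_id and redirect_uri as used in the curl command in the answer above.
CLIENT_ID = "cloudbreak_shell"
REDIRECT_URI = "http://cloudbreak.shell"

def build_authorize_request(uaa_base, username, password):
    """POST to UAA /oauth/authorize for an implicit-grant token."""
    query = urllib.parse.urlencode({  # built from a dict, so no '&' is lost
        "response_type": "token", "client_id": CLIENT_ID,
        "scope.0": "openid", "source": "login", "redirect_uri": REDIRECT_URI})
    creds = json.dumps({"username": username, "password": password})
    body = urllib.parse.urlencode({"credentials": creds}).encode()
    return urllib.request.Request(
        f"{uaa_base}/oauth/authorize?{query}", data=body, method="POST",
        headers={"Accept": "application/x-www-form-urlencoded"})

def token_from_location(location):
    """Read access_token from the redirect's URL fragment by name."""
    fragment = urllib.parse.urlsplit(location).fragment
    values = urllib.parse.parse_qs(fragment).get("access_token")
    if not values:
        raise ValueError("no access_token in Location: %r" % location)
    return values[0]

class NoRedirect(urllib.request.HTTPRedirectHandler):
    """cloudbreak.shell is not a real host, so never follow the 302."""
    def redirect_request(self, *args, **kwargs):
        return None

def fetch_token(uaa_base, username, password):
    """Run the exchange against a live UAA and return the token."""
    opener = urllib.request.build_opener(NoRedirect)
    req = build_authorize_request(uaa_base, username, password)
    try:
        resp = opener.open(req, timeout=10)
    except urllib.error.HTTPError as err:  # unfollowed 302 (or a 500) lands here
        resp = err
    return token_from_location(resp.headers.get("Location") or "")

def bearer_headers(token):
    """Headers to send with every Cloudbreak API request."""
    return {"Authorization": "Bearer " + token,
            "Content-Type": "application/json"}
```

Call `fetch_token("http://<cloudbreak-url>:8089", username, password)` once, then pass `bearer_headers(token)` on each request to the Cloudbreak API.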


6 REPLIES

That's what I thought; however, that hasn't been working. I get a 500 back from UAA when I try to use that curl command (using CB 1.2, if that matters).

curl -iX POST -H "accept: application/x-www-form-urlencoded" -d 'credentials={"username":"<username@domain.com>","password":" "}' "http:// :8089/oauth/authorize?response_type=token&client_id=cloudbreak_shell≻ope.0=openid&source=login&redirect_uri=http://cloudbreak.shell"

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: no-store
Content-Language: en
Content-Length: 0
Date: Fri, 08 Apr 2016 15:55:26 GMT
Connection: close

Found it. TY!

export TOKEN=$(curl -iX POST -H "accept: application/x-www-form-urlencoded" -d 'credentials={"username":"admin@example.com","password":"<password>"}' "http://<cloudbreak-url>:8089/oauth/authorize?response_type=token&client_id=cloudbreak_shellope.0=openid&source=login&redirect_uri=http://cloudbreak.shell" | grep Location | cut -d'=' -f 3 | cut -d'&' -f 1)

should be

export TOKEN=$(curl -iX POST -H "accept: application/x-www-form-urlencoded" -d 'credentials={"username":"admin@example.com","password":"<password>"}' "http://<cloudbreak-url>:8089/oauth/authorize?response_type=token&client_id=cloudbreak_shell&scope.0=openid&source=login&redirect_uri=http://cloudbreak.shell" | grep Location | cut -d'=' -f 3 | cut -d'&' -f 1)

I'm not seeing a container listening on port 9091. What container should I be pointing at?

Contributor

I think it should be 9090 or 8080 then; I've copied it from my dev env and it's 9091 there.

Got it, looks like 8080 in my env.
