Created 04-07-2016 11:03 PM
Hi
I'm trying to create a client app to connect to the Cloudbreak API to spin up and tear down a cluster. Unfortunately, I'm running into problems even authenticating with the API.
Despite the API docs themselves being very clear, there are no examples or instructions on how to authenticate to the API in the first place.
I'm using the PreMade CloudBreak Deployer AMI.
Can someone please throw up a simple example of how to authenticate with the API? I'm using python and GoLang so an example in one of those languages would be most useful to me but anything would be helpful at this point.
Created 04-08-2016 06:59 AM
Hi,
Cloudbreak's authentication is standard OAuth2 and it is provided by UAA (https://github.com/cloudfoundry/uaa). So you must first obtain a token from the UAA identity server, running in a 2. docker container with cbd and then send this token to the Cloudbreak resource server in every API request.
There are different types of client applications for an OAuth2 resource server, Cloudbreak has 2 implemented clients, a CLI and the web UI. The webUI uses the standard "authorization code" flow, while the CLI uses the much simpler "implicit grant" flow. So first you should decide which flow you'd like to use. Are you developing a web app, or some kind of CLI?
The implicit grant token request can be done with a simple curl for example (cloudbreak_shell is a registered application in the UAA db, you may want to add a new application there):
export TOKEN=$(curl -iX POST -H "accept: application/x-www-form-urlencoded" -d 'credentials={"username":"admin@example.com","password":"<password>"}' "http://<cloudbreak-url>:8089/oauth/authorize?response_type=token&client_id=cloudbreak_shell&scope.0=openid&source=login&redirect_uri=http://cloudbreak.shell" | grep Location | cut -d'=' -f 3 | cut -d'&' -f 1)
After you have a token (that's the hard part), you should send that token to Cloudbreak in every request header like this:
curl -X DELETE -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" http://localhost:9091/api/v1/stacks/44/cluster
For an authorization grant flow example you can check out the webUI, especially these lines in the nodejs code:
https://github.com/sequenceiq/cloudbreak/blob/master/web/server.js#L217
https://github.com/sequenceiq/cloudbreak/blob/master/web/server.js#L179
Marton
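The same implicit grant request in Python, as an added example that is not part of the original reply and is not Cloudbreak's own client code. The endpoint, client id and parameters come from the curl command above; the function names and the sample redirect are constructed for illustration. It reads the token from the redirect's URI fragment by name rather than by position, and treats any answer other than a 302 as a failure.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Constructed sample of the redirect UAA sends back; the token value is a placeholder.
SAMPLE_LOCATION = ("http://cloudbreak.shell#token_type=bearer"
                   "&access_token=constructed.token.value&expires_in=43199")


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Keep urllib from following the 302 so its Location header can be read."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def token_from_location(location):
    """Return access_token from the URI fragment, whatever the parameter order."""
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(location).fragment)
    if "access_token" not in params:
        # Report only the OAuth2 error code, never the raw fragment (it may hold a token).
        raise ValueError("no access_token: " + params.get("error", ["missing"])[0])
    return params["access_token"][0]


def request_token(uaa_url, username, password, client_id="cloudbreak_shell",
                  redirect_uri="http://cloudbreak.shell"):
    """POST the credentials to UAA's /oauth/authorize and return the bearer token."""
    query = urllib.parse.urlencode({
        "response_type": "token", "client_id": client_id, "scope.0": "openid",
        "source": "login", "redirect_uri": redirect_uri})
    body = urllib.parse.urlencode(
        {"credentials": json.dumps({"username": username, "password": password})})
    req = urllib.request.Request(
        uaa_url.rstrip("/") + "/oauth/authorize?" + query, data=body.encode(),
        headers={"Accept": "application/x-www-form-urlencoded"})
    try:
        resp = urllib.request.build_opener(NoRedirect).open(req, timeout=10)
    except urllib.error.HTTPError as err:
        resp = err  # with redirects disabled, the 302 (or a 500) arrives as HTTPError
    location = resp.headers.get("Location")
    if resp.code != 302 or not location:
        raise RuntimeError("UAA answered HTTP %d without a redirect" % resp.code)
    return token_from_location(location)


def bearer_headers(token):
    """Headers to send with every Cloudbreak API request."""
    return {"Authorization": "Bearer " + token, "Content-Type": "application/json"}
```

Pass the UAA base URL of your own deployment (port 8089 in the command above) to `request_token`, then send `bearer_headers(token)` with each API call.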
Created 04-08-2016 04:02 PM
That's what I thought; however, that hasn't been working. I get a 500 back from UAA when I try to use that curl command (using CB 1.2, if that matters).
curl -iX POST -H "accept: application/x-www-form-urlencoded" -d 'credentials={"username":"<username@domain.com>","password":" "}' "http:// :8089/oauth/authorize?response_type=token&client_id=cloudbreak_shell≻ope.0=openid&source=login&redirect_uri=http://cloudbreak.shell"
HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: no-store
Content-Language: en
Content-Length: 0
Date: Fri, 08 Apr 2016 15:55:26 GMT
Connection: close
Created 04-08-2016 04:11 PM
Found it. TY!
should be
Created 04-08-2016 04:17 PM
I'm not seeing a container listening on port 9091. What container should I be pointing at?
Created 04-08-2016 04:45 PM
I think it should be 9090 or 8080 then. I've copied it from my dev env and it's 9091 there.
Created 04-08-2016 08:43 PM
Got it, looks like 8080 in my env.