[Solved] `CURL` post to Server API failed

expert123 · July 17, 2017, 2:26am

I wrote a Bash script to implement APIs like get and post.

Now GET works perfect, while POST fails.

============ begin of this script ===================

#!/bin/bash

# Chef Server API by bash.

set -x
_chomp () {
  # helper function to remove newlines
  awk '{printf "%s", $0}'
}

chef_api_request() {
  # This is the meat-and-potatoes, or rice-and-vegetables, your preference really.

  local method path body timestamp chef_server_url client_name hashed_body hashed_path
  local canonical_request headers auth_headers

  chef_server_url="https://chef.xxx.com:9443"
  ca_cert="/root/.chef/trusted_certs/chef.xxx.com.crt"

  method=$1
  endpoint=${2%%\?*}
  body=$3

  path=${chef_server_url}$2
  client_name="opscode" # from `knife user list`, and the one who is associated with the org when created by `chef-server-ctl org-create`
 
  

  hashed_path=$(echo -n "$endpoint" | openssl dgst -sha1 -binary | openssl enc -base64)
  hashed_body=$(echo -n "$body" | openssl dgst -sha1 -binary | openssl enc -base64)
  timestamp=$(date -u "+%Y-%m-%dT%H:%M:%SZ")

  canonical_request="Method:$method\nHashed Path:$hashed_path\nX-Ops-Content-Hash:$hashed_body\nX-Ops-Timestamp:$timestamp\nX-Ops-UserId:$client_name"
  headers="-H X-Ops-Timestamp:$timestamp \
    -H X-Ops-Userid:$client_name \
    -H X-Chef-Version:12.15.8 \
    -H Accept:application/json \
    -H X-Ops-Content-Hash:$hashed_body \
    -H X-Ops-Sign:version=1.0"

  auth_headers=$(printf "$canonical_request" | openssl rsautl -sign -inkey \
    "/etc/chef/${client_name}.pem" | openssl enc -base64 | _chomp |  awk '{ll=int(length/60);i=0; \
    while (i<=ll) {printf " -H X-Ops-Authorization-%s:%s", i+1, substr($0,i*60+1,60);i=i+1}}')

  case $method in
    GET)
      eval "curl --cacert $ca_cert $headers $auth_headers $path"
      ;;
    POST)
     # Content-Type is needed when doing 'POST' and 'PUT'.
      eval "curl --cacert $ca_cert -H Content-Type:application/json $headers $auth_headers $path"
      ;;
    *)
      echo "Unknown Method. " >&2
     exit 1
      ;;
    esac
  }

 chef_api_request "$@"

======== the end of this script ===================

The following is the output of running POST
.

 bash server_api.sh POST "/organizations" '{"name":"secure","full_name":"secure test1"}'

with output

{"error":["Invalid signature for user or client 'opscode'"]}

Just to be clear, opscode is admin of this org.

Could someone please give me a hint? I am stuck with for days.

Thanks very much.

expert123 · July 18, 2017, 12:41am

Regarding POST, X POST -d <JSON> is need. see https://stackoverflow.com/questions/45135700/chef-server-api-curl-post-to-chef-server-failed

Topic		Replies	Views
Import into Chef 11 server fails Chef Infra (archive)	1	333	July 9, 2013
How to ignore SSL check for resource http_request in cookbook Chef Infra (archive)	1	2177	September 28, 2015
Client registration fails with failed to authenticate - part way through series of installs Chef Infra (archive)	1	795	January 11, 2012
REST authentication Chef Infra (archive)	2	359	September 1, 2009
Re: Re: ChefDK and Test Kitchen SSL issue Chef Infra (archive)	3	767	January 7, 2015

[Solved] `CURL` post to Server API failed

Related Topics