Hi,
I want to create channels, security definitions etc. using the Zato public API.
I need to provide a username/password combination to use the API.
The username is the well known ‘pubapi’.
However the password is automatically set and it seems cannot be changed without knowing the password.
Do you know of an automated solution (other than fetching the password from the database)?
regards,
Leo
Hi Rafal,
Thanks for responding, I hope you can help.
I’m afraid that in order to use zato.security.basic-auth.change-password to change the password for the pubapi user I need to authenticate using pubapi.
So I need to know the automatically created password in order to change it.
Its a catch 22.
Leo
Is it a strict requirement that it be done remotely?
Can the initial call, the one to change the password, be done from command line and subsequent ones would be through the API?
Services can be invoked from command line, which is documented below, and the command line client knows itself how to get hold of the password:
By the way, you can naturally change the password from web-admin as well:
https://zato.io/docs/web-admin/security/basic-auth.html
But I’m just assuming that you are looking for an automated means - otherwise, web-admin will be the most convenient option.
So far I used the web interface to setup Zato.
It works well for experimentation.
But now I want to roll out services using git version tags and Ansible.
So part of installing a service is a script that checks that the required entities (channels, security definitions, roles and whatnot) are present and configured correctly for the service.
And thus I need to know the password for pubapi.
Since this script can access the database it can find the password.
But that is not the proper way in my opinion.
So I tried to find a way to control the password, preferably when Zato is installed using Ansible.
zato service invoke might let me do just that.
I’m going to give it a try first thing tomorrow morning.
Thanks for the pointer!
There is still a lot to learn about Zato.
Certainly, this is all understood and you are right that there is no need to manually update anything in the database.
It’s just that you need to somehow prove that you can access the environment:
So in your situation with Ansible, I would just go for command line to change the initial password and follow up with API calls that could now use the newly configured password.