On 02/19/2015 03:51 PM, Petr Vobornik wrote:
This patch is a prerequisite for patch 801 which will follow. It was
developed to enable to use ipalib RPC client in Web UI tests. Plus it
will enable to significantly speed up Web UI tests suite (if
preparation of data is transformed to use this method).
Partly related https://fedorahosted.org/freeipa/ticket/4772 and
https://fedorahosted.org/freeipa/ticket/4307
Leverage session support to enable forms-based authenticate in rpc
client.
In order to do that session support in KerbTransport was moved to new
SessionTransport. RPCClient.create_connection is then modified to
force forms-based auth if new optional options - user and password are
specified. For this case SessionTransport is used and user is
authenticated by calling
'https://ipa.server/ipa/session/login_password'. Session cookie is
stored and used in subsequent calls.
This feature is usable for use cases where one wants to call the API
without being on ipa client. Non-being on ipa client also means that
IPA's NSS database and configuration is not available. Therefore one
has to define "~/.ipa/default.conf" in a similar way as ipa client
does and prepare a NSS database with IPA CA cert.
Usage:
api.Backend.rpcclient.connect(
nss_dir=my_nss_dir_path,
user=user,
password=password
)
It's possible to switch users with:
api.Backend.rpcclient.disconnect()
api.Backend.rpcclient.connect(
nss_dir=my_nss_dir_path,
user=other_user,
password=other_password
)
Or check connection with:
api.Backend.rpcclient.isconnected()
Example: download a CA cert and add it to a new temporary NSS database:
from urllib2 import urlparse
from ipaplatform.paths import paths
from ipapython import certdb, ipautil
from ipapython.ipautil import run
from ipalib import x509
# create new NSSDatabase
tmp_db = certdb.NSSDatabase()
pwd_file = ipautil.write_tmp_file(ipautil.ipa_generate_password())
tmp_db.create_db(pwd_file.name)
# download and add cert
url = urlparse.urlunparse(('http', ipautil.format_netloc(ipa_server),
'/ipa/config/ca.crt', '', '', ''))
stdout, stderr, rc = run([paths.BIN_WGET, "-O", "-", url])
certs = x509.load_certificate_list(stdout, tmp_db.secdir)
ca_certs = [cert.der_data for cert in certs]
for i, cert in enumerate(ca_certs):
tmp_db.add_cert(cert, 'CA certificate %d' % (i + 1), 'C,,')
my_nss_dir_path = tmp_db.secdir
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Hi,
thanks for the patch. Please, fix the pep8 complaints.
Can someone else look at the code as well, please?
Thanks,
Milan
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
