[Freeipa-devel] [PATCH] 1106 IPA REST smart proxy
Dmitri Pal
dpal at redhat.com
Fri Feb 14 02:17:35 UTC 2014
On 02/13/2014 09:02 PM, Rob Crittenden wrote:
> Dmitri Pal wrote:
>> On 02/13/2014 06:07 PM, Rob Crittenden wrote:
>>> Martin Kosek wrote:
>>>> On 01/28/2014 09:35 PM, Rob Crittenden wrote:
>>>>> Petr Viktorin wrote:
>>>>>> On 01/23/2014 02:17 PM, Petr Viktorin wrote:
>>>> ...
>>>>>> The URL endpoint /ipa/rest suggests that if we implement a complete
>>>>>> REST
>>>>>> API for IPA it would live here. Is the API supposed to be
>>>>>> future-compatible? (The API itself seems to be a good subset of a
>>>>>> complete REST API, but can we easily add an frontend with
>>>>>> authentication, i18n, etc. here later, and keep the limitations for
>>>>>> unauthenticated access?)
>>>>>> Perhaps /ipa/smartproxy would be a better choice?
>>>>>
>>>>> It was future-proofing. I'm fine with changing the URI, it is
>>>>> probably a good
>>>>> thing to save that name.
>>>>
>>>> +1 for moving to /ipa/smartproxy/rest, we will want a complete REST
>>>> interface
>>>> in ipa/rest/ in the future. I rather opened a ticket to track that:
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/4168
>>>>
>>>> Martin
>>>>
>>>
>>> I think I've addressed most of Petr's suggestions with the exception
>>> of the global ipa handle and I stuck with *args, **options as this is
>>> pretty much standard in IPA calls.
>>>
>>> The gssproxy.conf.snippet just makes it easier to copy/paste. I can
>>> drop it if you want, I suppose it is duplication.
>>>
>>> Note that I ran this past the Foreman design again and as a result
>>> added another interface, /realm. It was my understanding that this
>>> Foreman design wasn't set into stone but a patch is working its way
>>> through their system that followed the spec so I went ahead and added
>>> it. It isn't a big deal, the Host() class handles it out of the box.
>>>
>>> I also updated the design page a bit to reflect some of the changes
>>> made.
>>>
>>> Right now there are no plans to backport python-kerberos to F20.
>>>
>>> rob
>>>
>>>
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>
>> Recently we had a ticket in SSSD
>> https://fedorahosted.org/sssd/ticket/2217
>> Should we have a similar one for IPA client and especially for the
>> proxy?
>> Proxy will be a long term running process so dealing with the stale
>> tickets becomes important for it if replica is re-installed. Is it
>> something that is solved in API level or on the proxy level?
>> Should we have a separate ticket for that?
>
> Using gss-proxy so it's not our problem. We never touch tickets.
>
> rob
>
Does gss proxy solve this problem?
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-devel
mailing list