[Freeipa-devel] [PATCH] 800 rpc-client: add forms based auth support

Petr Vobornik pvoborni at redhat.com
Thu May 7 11:34:04 UTC 2015


On 05/06/2015 04:25 PM, Milan Kubik wrote:
> On 02/19/2015 03:51 PM, Petr Vobornik wrote:
>> This patch is a prerequisite for patch 801 which will follow. It was
>> developed to enable use of the ipalib RPC client in Web UI tests. Plus
>> it will make it possible to significantly speed up the Web UI test
>> suite (if preparation of data is transformed to use this method).
>>
>> Partly related https://fedorahosted.org/freeipa/ticket/4772 and
>> https://fedorahosted.org/freeipa/ticket/4307
>>
>>
>> Leverage session support to enable forms-based authentication in the
>> rpc client.
>>
>> In order to do that, session support in KerbTransport was moved to a
>> new SessionTransport. RPCClient.create_connection is then modified to
>> force forms-based auth if the new optional options, user and password,
>> are specified. For this case SessionTransport is used and the user is
>> authenticated by calling
>> 'https://ipa.server/ipa/session/login_password'. The session cookie is
>> stored and used in subsequent calls.
>>
>> This feature is usable for use cases where one wants to call the API
>> without being on an ipa client. Not being on an ipa client also means
>> that IPA's NSS database and configuration are not available. Therefore
>> one has to define "~/.ipa/default.conf" in a similar way as ipa client
>> does and prepare an NSS database with the IPA CA cert.
>>
>> Usage:
>>
>>     api.Backend.rpcclient.connect(
>>         nss_dir=my_nss_dir_path,
>>         user=user,
>>         password=password
>>     )
>>
>> It's possible to switch users with:
>>
>>     api.Backend.rpcclient.disconnect()
>>
>>     api.Backend.rpcclient.connect(
>>         nss_dir=my_nss_dir_path,
>>         user=other_user,
>>         password=other_password
>>     )
>>
>> Or check connection with:
>>
>>     api.Backend.rpcclient.isconnected()
>>
>> Example: download a CA cert and add it to a new temporary NSS database:
>>
>>     from urllib2 import urlparse
>>     from ipaplatform.paths import paths
>>     from ipapython import certdb, ipautil
>>     from ipapython.ipautil import run
>>     from ipalib import x509
>>
>>     # create new NSSDatabase
>>     tmp_db = certdb.NSSDatabase()
>>     pwd_file = ipautil.write_tmp_file(ipautil.ipa_generate_password())
>>     tmp_db.create_db(pwd_file.name)
>>
>>     # download and add cert
>>     url = urlparse.urlunparse(('http', ipautil.format_netloc(ipa_server),
>>                                '/ipa/config/ca.crt', '', '', ''))
>>     stdout, stderr, rc = run([paths.BIN_WGET, "-O", "-", url])
>>     certs = x509.load_certificate_list(stdout, tmp_db.secdir)
>>     ca_certs = [cert.der_data for cert in certs]
>>     for i, cert in enumerate(ca_certs):
>>         tmp_db.add_cert(cert, 'CA certificate %d' % (i + 1), 'C,,')
>>
>>     my_nss_dir_path = tmp_db.secdir
>>
>>
>
> thanks for the patch. Please, fix the pep8 complaints.

I've fixed the existing E128 error in imports. But the remaining:

$ git diff HEAD~1 -U0 | pep8 --diff
./ipalib/rpc.py:518:80: E501 line too long (86 > 79 characters)
./ipalib/rpc.py:524:80: E501 line too long (84 > 79 characters)
./ipalib/rpc.py:609:80: E501 line too long (80 > 79 characters)
./ipalib/rpc.py:634:80: E501 line too long (82 > 79 characters)
./ipalib/rpc.py:641:80: E501 line too long (94 > 79 characters)
./ipalib/rpc.py:796:80: E501 line too long (80 > 79 characters)
./ipalib/rpc.py:800:80: E501 line too long (82 > 79 characters)
./ipalib/rpc.py:913:80: E501 line too long (84 > 79 characters)

I won't fix, since it's just E501 in moved code.

>
> Can someone else look at the code as well, please?
>
> Thanks,
> Milan
>
-- 
Petr Vobornik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pvoborni-0800-1-rpc-client-add-forms-based-auth-support.patch
Type: text/x-patch
Size: 20244 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150507/37d2bec2/attachment.bin>
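
The forms-based flow described in the quoted commit message (form login to /ipa/session/login_password, then reuse of the session cookie), sketched as an added example in Python 3 standard library; it is not code from the patch or from ipalib. The cookie name `ipa_session`, the form field names, the `Referer` header and the `/ipa/session/json` endpoint are assumptions about the server that the message does not state.

```python
import json
from http.cookies import SimpleCookie
from urllib.parse import urlencode
from urllib.request import Request

COOKIE_NAME = "ipa_session"  # assumed name of the FreeIPA session cookie


def build_login_request(server, user, password):
    """Form POST to the login_password URL named in the commit message."""
    base = "https://%s/ipa" % server
    form = urlencode({"user": user, "password": password}).encode("utf-8")
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Referer": base}  # assumed: server checks the Referer
    return Request(base + "/session/login_password", data=form,
                   headers=headers, method="POST")


def extract_session_cookie(set_cookie_headers):
    """Return 'name=value' for the session cookie; refuse one without Secure."""
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        morsel = jar.get(COOKIE_NAME)
        if morsel is None:
            continue
        if not morsel["secure"]:
            raise ValueError("session cookie lacks the Secure attribute")
        return "%s=%s" % (COOKIE_NAME, morsel.value)
    raise ValueError("login response set no session cookie")


def build_rpc_request(server, cookie, method, args=(), options=None):
    """JSON-RPC call authenticated only by the stored session cookie."""
    base = "https://%s/ipa" % server
    payload = {"method": method, "params": [list(args), options or {}], "id": 0}
    headers = {"Content-Type": "application/json", "Referer": base,
               "Cookie": cookie}
    # assumed endpoint for cookie-authenticated JSON-RPC: /ipa/session/json
    return Request(base + "/session/json", data=json.dumps(payload).encode(),
                   headers=headers, method="POST")


# Constructed sample response header, not captured from a real server.
SAMPLE_SET_COOKIE = "ipa_session=0123456789abcdef; Path=/ipa; Secure; HttpOnly"
```

To send these requests, pass them to `urllib.request.urlopen` with an `ssl` context that trusts only the IPA CA certificate, since the password and the session cookie are both bearer secrets on that connection.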

