<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body>
<div class="moz-cite-prefix">On 02/19/2015 03:51 PM, Petr Vobornik
wrote:<br>
</div>
<blockquote cite="mid:54E5F883.1090702@redhat.com" type="cite">This
patch is a prerequisite for patch 801, which will follow. It was
developed to enable use of the ipalib RPC client in Web UI tests. Plus
it will make it possible to significantly speed up the Web UI test
suite (if preparation of data is transformed to use this method).
<br>
<br>
Partly related <a class="moz-txt-link-freetext" href="https://fedorahosted.org/freeipa/ticket/4772">https://fedorahosted.org/freeipa/ticket/4772</a> and
<a class="moz-txt-link-freetext" href="https://fedorahosted.org/freeipa/ticket/4307">https://fedorahosted.org/freeipa/ticket/4307</a>
<br>
<br>
<br>
Leverage session support to enable forms-based authentication in rpc
client.
<br>
<br>
In order to do that, session support in KerbTransport was moved to
new SessionTransport. RPCClient.create_connection is then modified to
force forms-based auth if new optional options - user and password -
are specified. For this case SessionTransport is used and user is
authenticated by calling
'<a class="moz-txt-link-freetext" href="https://ipa.server/ipa/session/login_password">https://ipa.server/ipa/session/login_password</a>'. Session cookie is
stored and used in subsequent calls.
<br>
<br>
This feature is usable for use cases where one wants to call the API
without being on ipa client. Not being on ipa client also means that
IPA's NSS database and configuration are not available. Therefore one
has to define "~/.ipa/default.conf" in a similar way as ipa client
does and prepare an NSS database with IPA CA cert.
<br>
<br>
Usage:
<br>
<pre wrap="">api.Backend.rpcclient.connect(
    nss_dir=my_nss_dir_path,
    user=user,
    password=password
)</pre>
It's possible to switch users with:
<br>
<pre wrap="">api.Backend.rpcclient.disconnect()

api.Backend.rpcclient.connect(
    nss_dir=my_nss_dir_path,
    user=other_user,
    password=other_password
)</pre>
Or check connection with:
<br>
<pre wrap="">api.Backend.rpcclient.isconnected()</pre>
<br>
<br>
Example: download a CA cert and add it to a new temporary NSS
database:
<br>
<pre wrap="">from urllib2 import urlparse
from ipaplatform.paths import paths
from ipapython import certdb, ipautil
from ipapython.ipautil import run
from ipalib import x509

# create new NSSDatabase
tmp_db = certdb.NSSDatabase()
pwd_file = ipautil.write_tmp_file(ipautil.ipa_generate_password())
tmp_db.create_db(pwd_file.name)

# download and add cert
url = urlparse.urlunparse(('http', ipautil.format_netloc(ipa_server),
                           '/ipa/config/ca.crt', '', '', ''))
stdout, stderr, rc = run([paths.BIN_WGET, "-O", "-", url])
certs = x509.load_certificate_list(stdout, tmp_db.secdir)
ca_certs = [cert.der_data for cert in certs]
for i, cert in enumerate(ca_certs):
    tmp_db.add_cert(cert, 'CA certificate %d' % (i + 1), 'C,,')

my_nss_dir_path = tmp_db.secdir</pre>
<br>
<br>
</blockquote>
Hi,<br>
<br>
thanks for the patch. Please, fix the pep8 complaints.<br>
<br>
Can someone else look at the code as well, please?<br>
<br>
Thanks,<br>
Milan<br>
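<br>
The quoted example fetches ca.crt over plain HTTP and then adds it to the NSS database with trust flags 'C,,', so a caller may want to compare the download against a fingerprint obtained out of band before trusting it. The following is an added example, not part of the patch or of FreeIPA: the helper names, the sample bundle and the pin are constructed for illustration, and it uses only the Python 3 standard library.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)


def pem_bundle_to_der(pem_text):
    """Split a PEM bundle (such as a downloaded ca.crt) into DER blobs."""
    return [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_RE.findall(pem_text)]


def sha256_fingerprint(der):
    """Hex SHA-256 of the DER encoding (the certificate fingerprint)."""
    return hashlib.sha256(der).hexdigest()


def select_pinned(pem_text, pinned_fingerprints):
    """Return only the DER certs whose SHA-256 fingerprint is pinned.

    Raises ValueError when the bundle is empty or nothing matches, so an
    unverified certificate never reaches the trust database.
    """
    pins = {p.replace(":", "").replace(" ", "").lower()
            for p in pinned_fingerprints}
    ders = pem_bundle_to_der(pem_text)
    if not ders:
        raise ValueError("no certificates found in downloaded bundle")
    trusted = [der for der in ders if sha256_fingerprint(der) in pins]
    if not trusted:
        raise ValueError("no downloaded certificate matches a pinned fingerprint")
    return trusted


def to_pem(der):
    """Wrap bytes in PEM armour (used only to build the sample below)."""
    b64 = base64.b64encode(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % b64


# Constructed sample data: placeholder bytes standing in for DER, not real
# certificates. In practice the pin comes from a trusted, out-of-band source.
SAMPLE_EXPECTED = b"constructed placeholder: expected IPA CA (DER)"
SAMPLE_OTHER = b"constructed placeholder: unexpected certificate (DER)"
SAMPLE_BUNDLE = to_pem(SAMPLE_OTHER) + to_pem(SAMPLE_EXPECTED)
SAMPLE_PIN = sha256_fingerprint(SAMPLE_EXPECTED)
```

The list returned by select_pinned plays the role of ca_certs in the quoted snippet: only those entries would be passed on to add_cert.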
</body>
</html>