#3129 [RFE] Publication of JSON-RPC API
Closed: Fixed None Opened 9 years ago by dpal.

Publish JSONRPC interface for the external applications to connect to it.

As part of this effort, we should:

  • Add JSONRPC API browser/generated doc
  • Add JSONRPC documentation covering:
    • The whole workflow and guidance how external parties should authenticate, get session cookie and use the API
    • Provide the major language (Python, Ruby, JavaScript, ideally C) examples that users could use in their externals projects

Bumping priority of this effort. Also moving to NEEDS_TRIAGE to consider re-prioritization of it.

This will probably translate in Web UI tool able to traverse and get the info about the API.

3.4 development was shifted for one month, moving tickets to reflect reality better.

We decided to push this out of 3.4, it is not a priority for this release.

Starting to shape next release

This may be a related effort: #4083.

Alexander created a simple BASH example, how session can be created with Kerberos/simple auth and the JSON API itself can then be used with just the session cookie:

# cat testcurl.sh s_username=admin
s_password=Test1234
HOSTNAME=`hostname`
COOKIEJAR=my.cookie.jar
#rm -f $COOKIEJAR

klist -s
use_kerberos=$?

if [ ! -f $COOKIEJAR ] ; then
 if [ $use_kerberos -eq 1 ] ; then
    curl -v  \
        -H referer:https://$HOSTNAME/ipa  \
        -H "Content-Type:application/x-www-form-urlencoded" \
        -H "Accept:text/plain"\
        -c $COOKIEJAR -b $COOKIEJAR \
        --cacert /etc/ipa/ca.crt  \
        --data "user=$s_username&password=$s_password" \
        -X POST       https://$HOSTNAME/ipa/session/login_password
  else
    curl -v  \
        -H referer:https://$HOSTNAME/ipa  \
        -c $COOKIEJAR -b $COOKIEJAR \
        --cacert /etc/ipa/ca.crt  \
        --negotiate -u : \
        -X POST       https://$HOSTNAME/ipa/session/login_kerberos
  fi
fi

curl -v  \
        -H referer:https://$HOSTNAME/ipa  \
        -H "Content-Type:application/json" \
        -H "Accept:applicaton/json"\
        -c $COOKIEJAR -b $COOKIEJAR \
        --cacert /etc/ipa/ca.crt  \
        -d  '{"method":"user_find","params":[[""],{}],"id":0}' \
        -X POST       https://$HOSTNAME/ipa/session/json

Please note that this is still a rough sketch of the procedure, it needs to be polished and made BASH-friendly (like using BASH booleans (use_kerberos) in a proper way).

This is one of the examples that should be provided with the API docs, more should come (at least Python and ideally also C and Ruby).

This is core milestone, not backlog - updating.

  • ba0a1c6 include more information in metadata
  • 114f11f webui: ListViewWidget
  • 8d8aa60 webui: fix webui specific metadata
  • 392809f webui: menu and navigation fixes
  • 2a97633 webui: API browser

Metadata Update from @dpal:
- Issue assigned to pvoborni
- Issue set to the milestone: FreeIPA 4.2

4 years ago

Login to comment on this ticket.

Metadata