Publish JSONRPC interface for the external applications to connect to it.
As part of this effort, we should:
Bumping priority of this effort. Also moving to NEEDS_TRIAGE to consider re-prioritization of it.
This will probably translate in Web UI tool able to traverse and get the info about the API.
3.4 development was shifted for one month, moving tickets to reflect reality better.
We decided to push this out of 3.4, it is not a priority for this release.
Starting to shape next release
This may be a related effort: #4083.
Alexander created a simple BASH example, how session can be created with Kerberos/simple auth and the JSON API itself can then be used with just the session cookie:
# cat testcurl.sh s_username=admin s_password=Test1234 HOSTNAME=`hostname` COOKIEJAR=my.cookie.jar #rm -f $COOKIEJAR klist -s use_kerberos=$? if [ ! -f $COOKIEJAR ] ; then if [ $use_kerberos -eq 1 ] ; then curl -v \ -H referer:https://$HOSTNAME/ipa \ -H "Content-Type:application/x-www-form-urlencoded" \ -H "Accept:text/plain"\ -c $COOKIEJAR -b $COOKIEJAR \ --cacert /etc/ipa/ca.crt \ --data "user=$s_username&password=$s_password" \ -X POST https://$HOSTNAME/ipa/session/login_password else curl -v \ -H referer:https://$HOSTNAME/ipa \ -c $COOKIEJAR -b $COOKIEJAR \ --cacert /etc/ipa/ca.crt \ --negotiate -u : \ -X POST https://$HOSTNAME/ipa/session/login_kerberos fi fi curl -v \ -H referer:https://$HOSTNAME/ipa \ -H "Content-Type:application/json" \ -H "Accept:applicaton/json"\ -c $COOKIEJAR -b $COOKIEJAR \ --cacert /etc/ipa/ca.crt \ -d '{"method":"user_find","params":[[""],{}],"id":0}' \ -X POST https://$HOSTNAME/ipa/session/json
Please note that this is still a rough sketch of the procedure, it needs to be polished and made BASH-friendly (like using BASH booleans (use_kerberos) in a proper way).
This is one of the examples that should be provided with the API docs, more should come (at least Python and ideally also C and Ruby).
This is core milestone, not backlog - updating.
Alexander published an article how to run JSON-RPC calls: https://vda.li/en/posts/2015/05/28/talking-to-freeipa-api-with-sessions/
Metadata Update from @dpal: - Issue assigned to pvoborni - Issue set to the milestone: FreeIPA 4.2
Login to comment on this ticket.