juju api and authenticated request

John Arbash Meinel john at arbash-meinel.com
Fri Feb 7 07:32:16 UTC 2014

Hash: SHA1

On 02/07/2014 05:09 AM, Adam Stokes wrote:
> I read through the docs/api.txt to try and get an understanding of
> how to connect to juju's api server and what I've come up with so
> far is the following:
> #!/usr/bin/env perl
> use Mojo::UserAgent; use 5.14.0; use DDP;
> my $ua = Mojo::UserAgent->new;
> $ua->websocket('wss://' => json => { 
> 'RequestId' => 1, 'Type' => 'Admin', 'Request' => 'Login', 'Params'
> => {'Tag' => 'machine-0', 'Password' =>
> 'f0d44f279b47cc8b5f7ea291f5e3b30a', 'Nonce' => 'fake_nonce'} } =>
> sub { my ($ua, $tx) = @_; say "failed ".$tx->error; p $tx->req; p
> $tx->res; } ); Mojo::IOLoop->start unless
> Mojo::IOLoop->is_running;

The "Nonce" is used by machine/unit agents, and not by Users. I'm a
bit surprised by Perl, given we have something called Mojo that is
written in Python.

	apiInfo := &api.Info{
		Addrs:    endpoint.Addresses,
		CACert:   []byte(endpoint.CACert),
		Tag:      names.UserTag(info.APICredentials().User),
		Password: info.APICredentials().Password,

You generally shouldn't be able to log in as a machine agent
(machine-0 in your above name). Instead you would expect to log in as

So something more liek:

'Params' => {'Tag' => 'user-admin',
  'Password' => # Value taken as admin-secret from environments.yaml}

In the go code above, the reason to supply CACert is because we do
strict connection checking, it isn't something that goes over the wire.

> This is very early stages and the code doesn't work as it returns
> a 403. My question is am I on the right track for accessing the 
> apiserver over a websocket connection? Should I be passing the
> params as json? The port, and params used are obtained through

I do believe the params should be JSON content, but there is a fair
bit to work out the formatting of content on the wire.

> ~/.juju/environments/local.jenv after a `juju bootstrap`. Should I
> be passing the certs through as well? I went through some of the
> test cases and attempted to decipher how that worked but now I'm a
> bit stuck as to where to go next. The errors returned so far have
> just been 403 forbidden.
> Also, is this even the right place I should be for messing around
> with RPC and juju? :)
> Thanks!

That seems a reasonable place, though there is already Python code in

that already have the ability to do most of the stuff you probably
want to do. I realize that isn't in Perl, but you could at least use
it as a starting point/reference code?


Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/


More information about the Juju mailing list