juju api and authenticated request

John Arbash Meinel john at arbash-meinel.com
Fri Feb 7 07:32:16 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/07/2014 05:09 AM, Adam Stokes wrote:
> I read through the docs/api.txt to try and get an understanding of
> how to connect to juju's api server and what I've come up with so
> far is the following:
> 
> #!/usr/bin/env perl
> 
> use Mojo::UserAgent; use 5.14.0; use DDP;
> 
> my $ua = Mojo::UserAgent->new;
> 
> $ua->websocket('wss://192.168.122.16:17070' => json => { 
> 'RequestId' => 1, 'Type' => 'Admin', 'Request' => 'Login', 'Params'
> => {'Tag' => 'machine-0', 'Password' =>
> 'f0d44f279b47cc8b5f7ea291f5e3b30a', 'Nonce' => 'fake_nonce'} } =>
> sub { my ($ua, $tx) = @_; say "failed ".$tx->error; p $tx->req; p
> $tx->res; } ); Mojo::IOLoop->start unless
> Mojo::IOLoop->is_running;

The "Nonce" is used by machine/unit agents, and not by Users. I'm a
bit surprised by Perl, given we have something called Mojo that is
written in Python.

	apiInfo := &api.Info{
		Addrs:    endpoint.Addresses,
		CACert:   []byte(endpoint.CACert),
		Tag:      names.UserTag(info.APICredentials().User),
		Password: info.APICredentials().Password,
	}

You generally shouldn't be able to log in as a machine agent
(machine-0 in your above name). Instead you would expect to log in as
"user-admin".

So something more liek:

'Params' => {'Tag' => 'user-admin',
  'Password' => # Value taken as admin-secret from environments.yaml}

In the go code above, the reason to supply CACert is because we do
strict connection checking, it isn't something that goes over the wire.


> 
> This is very early stages and the code doesn't work as it returns
> a 403. My question is am I on the right track for accessing the 
> apiserver over a websocket connection? Should I be passing the
> params as json? The port, and params used are obtained through

I do believe the params should be JSON content, but there is a fair
bit to work out the formatting of content on the wire.

> ~/.juju/environments/local.jenv after a `juju bootstrap`. Should I
> be passing the certs through as well? I went through some of the
> test cases and attempted to decipher how that worked but now I'm a
> bit stuck as to where to go next. The errors returned so far have
> just been 403 forbidden.
> 
> Also, is this even the right place I should be for messing around
> with RPC and juju? :)
> 
> Thanks!
> 
> 

That seems a reasonable place, though there is already Python code in
https://launchpad.net/python-jujuclient
and
https://launchpad.net/canonical-mojo

that already have the ability to do most of the stuff you probably
want to do. I realize that isn't in Perl, but you could at least use
it as a starting point/reference code?

John
=:->

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlL0i/4ACgkQJdeBCYSNAAN3+QCZASMui/ooDvNlHqssUIXImkYZ
4GcAnjFmwYgrb8hVE6gpEbJl4459WoLp
=6fa2
-----END PGP SIGNATURE-----



More information about the Juju mailing list