juju api and authenticated request
Kapil Thangavelu
kapil.thangavelu at canonical.com
Fri Feb 7 08:59:53 UTC 2014
you could also have a look at jujuclient (pypi) for python examples
(deployer, quickstart, mojo, etc build on it).
ie. using jujuclient
from jujuclient import Environment
env = Environment(JUJU_ENV_URI)
env.login(JUJU_ENV_SECRET, "admin")
print env.status()
underneath the hoods its just the following json request on the websocket.
self._rpc({"Type": "Admin", "Request": "Login",
"Params": {"AuthTag": user, "Password": password}})
i've got some experiments that implement agent apis if that's of interest
as well (not included in jujuclient) if that's of interest.
-k
On Fri, Feb 7, 2014 at 9:32 AM, John Arbash Meinel
<john at arbash-meinel.com>wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 02/07/2014 05:09 AM, Adam Stokes wrote:
> > I read through the docs/api.txt to try and get an understanding of
> > how to connect to juju's api server and what I've come up with so
> > far is the following:
> >
> > #!/usr/bin/env perl
> >
> > use Mojo::UserAgent; use 5.14.0; use DDP;
> >
> > my $ua = Mojo::UserAgent->new;
> >
> > $ua->websocket('wss://192.168.122.16:17070' => json => {
> > 'RequestId' => 1, 'Type' => 'Admin', 'Request' => 'Login', 'Params'
> > => {'Tag' => 'machine-0', 'Password' =>
> > 'f0d44f279b47cc8b5f7ea291f5e3b30a', 'Nonce' => 'fake_nonce'} } =>
> > sub { my ($ua, $tx) = @_; say "failed ".$tx->error; p $tx->req; p
> > $tx->res; } ); Mojo::IOLoop->start unless
> > Mojo::IOLoop->is_running;
>
> The "Nonce" is used by machine/unit agents, and not by Users. I'm a
> bit surprised by Perl, given we have something called Mojo that is
> written in Python.
>
> apiInfo := &api.Info{
> Addrs: endpoint.Addresses,
> CACert: []byte(endpoint.CACert),
> Tag: names.UserTag(info.APICredentials().User),
> Password: info.APICredentials().Password,
> }
>
> You generally shouldn't be able to log in as a machine agent
> (machine-0 in your above name). Instead you would expect to log in as
> "user-admin".
>
> So something more liek:
>
> 'Params' => {'Tag' => 'user-admin',
> 'Password' => # Value taken as admin-secret from environments.yaml}
>
> In the go code above, the reason to supply CACert is because we do
> strict connection checking, it isn't something that goes over the wire.
>
>
> >
> > This is very early stages and the code doesn't work as it returns
> > a 403. My question is am I on the right track for accessing the
> > apiserver over a websocket connection? Should I be passing the
> > params as json? The port, and params used are obtained through
>
> I do believe the params should be JSON content, but there is a fair
> bit to work out the formatting of content on the wire.
>
> > ~/.juju/environments/local.jenv after a `juju bootstrap`. Should I
> > be passing the certs through as well? I went through some of the
> > test cases and attempted to decipher how that worked but now I'm a
> > bit stuck as to where to go next. The errors returned so far have
> > just been 403 forbidden.
> >
> > Also, is this even the right place I should be for messing around
> > with RPC and juju? :)
> >
> > Thanks!
> >
> >
>
> That seems a reasonable place, though there is already Python code in
> https://launchpad.net/python-jujuclient
> and
> https://launchpad.net/canonical-mojo
>
> that already have the ability to do most of the stuff you probably
> want to do. I realize that isn't in Perl, but you could at least use
> it as a starting point/reference code?
>
> John
> =:->
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.14 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlL0i/4ACgkQJdeBCYSNAAN3+QCZASMui/ooDvNlHqssUIXImkYZ
> 4GcAnjFmwYgrb8hVE6gpEbJl4459WoLp
> =6fa2
> -----END PGP SIGNATURE-----
>
> --
> Juju mailing list
> Juju at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/juju
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/juju/attachments/20140207/3c44229d/attachment.html>
More information about the Juju
mailing list