fasjson makes it possible for applications to talk to the Fedora Account System.
Project description
Fedora Account System / IPA JSON gateway
Installation
Install dependencies
dnf install ipa-client httpd mod_auth_gssapi mod_session python3-mod_wsgi python3-poetry
Install WSGI app
poetry config virtualenvs.create false
poetry install
cp ansible/roles/fasjson/files/fasjson.wsgi /srv/
Enroll the system as an IPA client
$ ipa-client-install
Get service keytab for HTTPd
ipa service-add HTTP/$(hostname)
ipa servicedelegationrule-add-member --principals=HTTP/$(hostname) fasjson-delegation
ipa-getkeytab -p HTTP/$(hostname) -k /var/lib/gssproxy/httpd.keytab
chown root:root /var/lib/gssproxy/httpd.keytab
chmod 640 /var/lib/gssproxy/httpd.keytab
Configure GSSProxy for Apache
cp ansible/roles/fasjson/files/config/gssproxy-fasjson.conf /etc/gssproxy/99-fasjson.conf
systemctl enable gssproxy.service
systemctl restart gssproxy.service
Configure temporary files
cp ansible/roles/fasjson/files/config/tmpfiles-fasjson.conf /etc/tmpfiles.d/fasjson.conf
systemd-tmpfiles --create
Tune SELinux Policy
setsebool -P httpd_can_connect_ldap=on
Configure Apache
mkdir -p /etc/systemd/system/httpd.service.d
cp ansible/roles/fasjson/files/config/systemd-httpd-service-fasjson.conf /etc/systemd/system/httpd.service.d/fasjson.conf
cp ansible/roles/fasjson/files/config/httpd-fasjson.conf /etc/httpd/conf.d/fasjson.conf
systemctl daemon-reload
systemctl enable httpd.service
systemctl restart httpd.service
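A post-install check for the steps above, added here as an example and not part of the fasjson project. It confirms that the HTTP keytab is root-owned with mode 640 or stricter, that it holds the HTTP/$(hostname) key, that the SELinux boolean is on, and that both services are running. The function names and the --verify switch are this example's own; it assumes GNU stat, klist, getsebool and systemctl are available.

```shell
#!/bin/sh
# Added example: post-install checks for the steps above (not fasjson project code).
KEYTAB=/var/lib/gssproxy/httpd.keytab   # path used in the install steps

# Pass only if the keytab has the expected numeric owner:group (default 0:0,
# i.e. root:root) and mode 640 or stricter: no group write, nothing for others.
check_keytab_perms() {
    kt_file=$1
    kt_want=${2:-0:0}
    [ -f "$kt_file" ] || { echo "FAIL: $kt_file is missing" >&2; return 1; }
    kt_stat=$(stat -c '%a %u:%g' "$kt_file") || return 1   # GNU coreutils stat
    kt_mode=${kt_stat%% *}
    kt_owner=${kt_stat#* }
    [ "$kt_owner" = "$kt_want" ] ||
        { echo "FAIL: $kt_file owner is $kt_owner, want $kt_want" >&2; return 1; }
    # Mask 027 (octal) = group write (020) plus every bit for others (007).
    [ $(( 0$kt_mode & 027 )) -eq 0 ] ||
        { echo "FAIL: $kt_file mode $kt_mode is looser than 640" >&2; return 1; }
}

# Pass if the keytab holds a key for the HTTP/<hostname> service principal.
check_keytab_principal() {
    klist -k "$1" | grep -qF "HTTP/$(hostname)@"
}

# Run every check and report all failures instead of stopping at the first.
verify_fasjson_host() {
    rc=0
    check_keytab_perms "$KEYTAB" || rc=1
    check_keytab_principal "$KEYTAB" ||
        { echo "FAIL: no HTTP/$(hostname) key in $KEYTAB" >&2; rc=1; }
    getsebool httpd_can_connect_ldap | grep -q -- '--> on$' ||
        { echo "FAIL: httpd_can_connect_ldap is off" >&2; rc=1; }
    for unit in gssproxy.service httpd.service; do
        systemctl is-active --quiet "$unit" ||
            { echo "FAIL: $unit is not running" >&2; rc=1; }
    done
    return "$rc"
}

# "--verify" is this script's own (hypothetical) switch; without it the file
# only defines the functions, so it can be sourced safely.
case "${1:-}" in --verify) verify_fasjson_host ;; esac
```

Run it as root with --verify after the last installation step; a non-zero exit status means at least one check failed.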
Usage
$ kinit
$ curl --negotiate -u : http://$(hostname)/fasjson/v1/groups/
{"result": [{"name": "test-group", "uri": "http://$(hostname)/fasjson/v1/groups/test-group/"}]}
$ curl --negotiate -u : http://$(hostname)/fasjson/v1/groups/admins/
{"result": {"name": "test-group", "uri": "http://fasjson.example.test/fasjson/v1/groups/test-group/"}}
$ curl --negotiate -u : http://$(hostname)/fasjson/v1/users/admin/
{"result": {"username": "admin", "surname": "Administrator", "givenname": "", "emails": ["admin@$(domain)"], "ircnicks": null, "locale": "fr_FR", "timezone": null, "gpgkeyids": null, "creation": "2020-04-23T10:16:35", "locked": false, "uri": "http://$(hostname)/fasjson/v1/users/admin/"}}
$ curl --negotiate -u : http://$(hostname)/fasjson/v1/me/
{"result": {"dn": "uid=admin,cn=users,cn=accounts,dc=$(domain)", "username": "admin", "uri": "http://$(hostname)/fasjson/v1/users/admin/"}}
TODO
- documentation
- HTTPS
Download files
Source Distribution
fasjson-0.0.2.tar.gz (24.6 kB)
Built Distribution
fasjson-0.0.2-py3-none-any.whl (35.2 kB)
File details
Details for the file fasjson-0.0.2.tar.gz.
File metadata
- Download URL: fasjson-0.0.2.tar.gz
- Upload date:
- Size: 24.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.0.5 CPython/3.7.7 Linux/5.5.17-200.fc31.x86_64
File hashes
Algorithm | Hash digest
---|---
SHA256 | 19a5d1f4fc63cf99325b0e7c7d5539702e0558dcab56864acf6e04ab46faa47e
MD5 | 5280c62b147d5d8492f2ffbf8864b924
BLAKE2b-256 | 93b9bfe93415dc5cfd58e084b8f4118b954035453b72c0863e7c3c1d8ea9169c
File details
Details for the file fasjson-0.0.2-py3-none-any.whl.
File metadata
- Download URL: fasjson-0.0.2-py3-none-any.whl
- Upload date:
- Size: 35.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.0.5 CPython/3.7.7 Linux/5.5.17-200.fc31.x86_64
File hashes
Algorithm | Hash digest
---|---
SHA256 | 89d1604a27875bebe4162850791eb269986b2ee644434942e20139deaf3d24cc
MD5 | 77126db7f1d0505e7f4b3f1c81b323a7
BLAKE2b-256 | e6aa0317a36901051245cb824c3c0d885f8633671a9c158161b1a1fa44f083ca