Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Python API to support REST API v2 #4900

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update Python API to support REST API v2 #4900

wants to merge 1 commit into from

Conversation

edewata
Copy link
Contributor

@edewata edewata commented Nov 12, 2024

The PKIClient class has been added to replace PKIConnection as the main access point to PKI services. By default it will use REST API v2, then fall back to v1 if it's not available. Optionally, PKIClient can be configured to use a specific REST API version.

The InfoClient, CertClient, AccountClient, and UserClient classes have been added/updated to construct the proper REST URL according to the REST API version in PKIClient.

The pki-healthcheck has been updated to use PKIClient. Some simple Python scripts have also been added to demonstrate how to use PKIClient.

New tests have been added to run these scripts against the current CA and KRA which support both REST API v1 and v2 and also against an older CA that only supports REST API v1.

@edewata
Update Python API to support REST API v2
601574f 
The PKIClient class has been added to replace PKIConnection
as the main access point to PKI services. By default it will
use REST API v2, then fall back to v1 if it's not available.
Optionally, PKIClient can be configured to use a specific
REST API version.

The InfoClient, CertClient, AccountClient, and UserClient
classes have been added/updated to construct the proper REST
URL according to the REST API version in PKIClient.

The pki-healthcheck has been updated to use PKIClient. Some
simple Python scripts have also been added to demonstrate
how to use PKIClient.

New tests have been added to run these scripts against the
current CA and KRA which support both REST API v1 and v2
and also against an older CA that only supports REST API v1.
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Nov 12, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
12.7% Duplication on New Code

See analysis details on SonarCloud

@rcritten rcritten mentioned this pull request Nov 12, 2024
Open
@rcritten
Copy link
Contributor

It is unexpected that one has to always pass in port when instantiating PKIClient when using a URL. If no port is provided for an http/https connection the port should default to 80/443.

@rcritten
Copy link
Contributor

list_certs is not working:

import pki.ca
import pki.cert
import pki.client
import pki.systemcert

pki_client = pki.client.PKIClient(url='https://ipa.example.test:443', verify=True)
print("API version %s" % pki_client.get_api_version())

ca_client = pki.ca.CAClient(pki_client)
cert_client = pki.cert.CertClient(ca_client)

print(cert_client.get_cert(1))

print(cert_client.list_certs(size=1))

Fails with a huge traceback but the bottom-line error is:

*** requests.exceptions.HTTPError: 404 Client Error: Not Found for url: https://ipa.example.test:443/ca/v2/certs/search?size=1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fmarco76 fmarco76 Awaiting requested review from fmarco76

@rcritten rcritten Awaiting requested review from rcritten

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@edewata @rcritten