juju api and authenticated request
John Arbash Meinel
john at arbash-meinel.com
Fri Feb 7 07:32:16 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/07/2014 05:09 AM, Adam Stokes wrote:
> I read through the docs/api.txt to try and get an understanding of
> how to connect to juju's api server and what I've come up with so
> far is the following:
>
> #!/usr/bin/env perl
>
> use Mojo::UserAgent; use 5.14.0; use DDP;
>
> my $ua = Mojo::UserAgent->new;
>
> $ua->websocket('wss://192.168.122.16:17070' => json => {
> 'RequestId' => 1, 'Type' => 'Admin', 'Request' => 'Login', 'Params'
> => {'Tag' => 'machine-0', 'Password' =>
> 'f0d44f279b47cc8b5f7ea291f5e3b30a', 'Nonce' => 'fake_nonce'} } =>
> sub { my ($ua, $tx) = @_; say "failed ".$tx->error; p $tx->req; p
> $tx->res; } ); Mojo::IOLoop->start unless
> Mojo::IOLoop->is_running;
The "Nonce" is used by machine/unit agents, and not by Users. I'm a
bit surprised by Perl, given we have something called Mojo that is
written in Python.
apiInfo := &api.Info{
Addrs: endpoint.Addresses,
CACert: []byte(endpoint.CACert),
Tag: names.UserTag(info.APICredentials().User),
Password: info.APICredentials().Password,
}
You generally shouldn't be able to log in as a machine agent
(machine-0 in your above name). Instead you would expect to log in as
"user-admin".
So something more liek:
'Params' => {'Tag' => 'user-admin',
'Password' => # Value taken as admin-secret from environments.yaml}
In the go code above, the reason to supply CACert is because we do
strict connection checking, it isn't something that goes over the wire.
>
> This is very early stages and the code doesn't work as it returns
> a 403. My question is am I on the right track for accessing the
> apiserver over a websocket connection? Should I be passing the
> params as json? The port, and params used are obtained through
I do believe the params should be JSON content, but there is a fair
bit to work out the formatting of content on the wire.
> ~/.juju/environments/local.jenv after a `juju bootstrap`. Should I
> be passing the certs through as well? I went through some of the
> test cases and attempted to decipher how that worked but now I'm a
> bit stuck as to where to go next. The errors returned so far have
> just been 403 forbidden.
>
> Also, is this even the right place I should be for messing around
> with RPC and juju? :)
>
> Thanks!
>
>
That seems a reasonable place, though there is already Python code in
https://launchpad.net/python-jujuclient
and
https://launchpad.net/canonical-mojo
that already have the ability to do most of the stuff you probably
want to do. I realize that isn't in Perl, but you could at least use
it as a starting point/reference code?
John
=:->
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlL0i/4ACgkQJdeBCYSNAAN3+QCZASMui/ooDvNlHqssUIXImkYZ
4GcAnjFmwYgrb8hVE6gpEbJl4459WoLp
=6fa2
-----END PGP SIGNATURE-----
More information about the Juju
mailing list