fasjson makes it possible for applications to talk to the fedora account system.

These details have not been verified by PyPI

Project links

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Project description

Fedora Account System / IPA JSON gateway

Installation

Install dependencies

dnf install ipa-client httpd mod_auth_gssapi mod_session python3-mod_wsgi python3-poetry

Install WSGI app

poetry config virtualenvs.create false
poetry install
cp ansible/roles/fasjson/files/fasjson.wsgi /srv/

Enroll the system as an IPA client

$ ipa-client-install

Get service keytab for HTTPd

ipa service-add HTTP/$(hostname)
ipa servicedelegationrule-add-member --principals=HTTP/$(hostname) fasjson-delegation
ipa-getkeytab -p HTTP/$(hostname) -k /var/lib/gssproxy/httpd.keytab
chown root:root /var/lib/gssproxy/httpd.keytab
chmod 640 /var/lib/gssproxy/httpd.keytab

Configure GSSProxy for Apache

cp ansible/roles/fasjson/files/config/gssproxy-fasjson.conf /etc/gssproxy/99-fasjson.conf
systemctl enable gssproxy.service
systemctl restart gssproxy.service

Configure temporary files

cp ansible/roles/fasjson/files/config/tmpfiles-fasjson.conf /etc/tmpfiles.d/fasjson.conf
systemd-tmpfiles --create

Tune SELinux Policy

setsebool -P httpd_can_connect_ldap=on

Configure Apache

mkdir mkdir -p /etc/systemd/system/httpd.service.d
cp ansible/roles/fasjson/files/config/systemd-httpd-service-fasjson.conf /etc/systemd/system/httpd.service.d/fasjson.conf
cp ansible/roles/fasjson/files/config/httpd-fasjson.conf /etc/httpd/conf.d/fasjson.conf
systemctl daemon-reload
systemctl enable httpd.service
systemctl restart httpd.service

Usage

$ kinit
$ curl --negotiate -u : http://$(hostname)/fasjson/v1/groups/
{"result": [{"name": "test-group", "uri": "http://$(hostname)/fasjson/v1/groups/test-group/"}]}
$ curl --negotiate -u : http://$(hostname)/fasjson/v1/groups/admins/
{"result": {"name": "test-group", "uri": "http://fasjson.example.test/fasjson/v1/groups/test-group/"}}
$ curl --negotiate -u : http://$(hostname)/fasjson/v1/users/admin/
{"result": {"username": "admin", "surname": "Administrator", "givenname": "", "emails": ["admin@$(domain)"], "ircnicks": null, "locale": "fr_FR", "timezone": null, "gpgkeyids": null, "creation": "2020-04-23T10:16:35", "locked": false, "uri": "http://$(hostname)/fasjson/v1/users/admin/"}}
$ curl --negotiate -u : http://$(hostname)/fasjson/v1/me/
{"result": {"dn": "uid=admin,cn=users,cn=accounts,dc=$(domain)", "username": "admin", "uri": "http://$(hostname)/fasjson/v1/users/admin/"}}

TODO

documentation
HTTPS

Project details

These details have not been verified by PyPI

Project links

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

1.6.0

Sep 21, 2023

1.5.0

Aug 29, 2022

1.4.0

Jul 1, 2022

1.3.0

Jun 29, 2022

1.2.1

May 16, 2022

1.2.0

Nov 5, 2021

1.1.0

May 11, 2021

1.0.0

Apr 15, 2021

0.0.6

Sep 23, 2020

0.0.5

Sep 23, 2020

0.0.4

Sep 14, 2020

0.0.3

Jul 22, 2020

This version

0.0.2

May 13, 2020

0.0.1

Nov 19, 2019

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

fasjson-0.0.2.tar.gz (24.6 kB view hashes)

Uploaded May 13, 2020 Source

Built Distribution

fasjson-0.0.2-py3-none-any.whl (35.2 kB view hashes)

Uploaded May 13, 2020 Python 3

Hashes for fasjson-0.0.2.tar.gz

Hashes for fasjson-0.0.2.tar.gz
Algorithm	Hash digest
SHA256	`19a5d1f4fc63cf99325b0e7c7d5539702e0558dcab56864acf6e04ab46faa47e`
MD5	`5280c62b147d5d8492f2ffbf8864b924`
BLAKE2b-256	`93b9bfe93415dc5cfd58e084b8f4118b954035453b72c0863e7c3c1d8ea9169c`

Hashes for fasjson-0.0.2-py3-none-any.whl

Hashes for fasjson-0.0.2-py3-none-any.whl
Algorithm	Hash digest
SHA256	`89d1604a27875bebe4162850791eb269986b2ee644434942e20139deaf3d24cc`
MD5	`77126db7f1d0505e7f4b3f1c81b323a7`
BLAKE2b-256	`e6aa0317a36901051245cb824c3c0d885f8633671a9c158161b1a1fa44f083ca`