kelvin-rest-api-client 2.2.3

Python library to interact with the UCS@school Kelvin REST API.

Python UCS@school Kelvin REST API Client

Python library to interact with the UCS@school Kelvin REST API.

• Free software: GNU Affero General Public License version 3

• Documentation: https://kelvin-rest-api-client.readthedocs.io

Features

• Asynchronous

• Automatic handling of HTTP(S) sessions

• Type annotations

• ~95% test coverage (unittests + integration tests)

• Python 3.7, 3.8, 3.9, 3.10

Compatibility

A list of UCS@school Kelvin REST API server versions which introduce breaking changes can be found in the [UCS@school Kelvin REST API Documentation](https://docs.software-univention.de/ucsschool-kelvin-rest-api/kelvin-client-compatibility.html).

Usage

The Session context manager opens and closes a HTTP session:

>>> import asyncio
>>> from ucsschool.kelvin.client import Session, User, UserResource
>>>
>>> async def get_user(username: str) -> User:
...     async with Session(
...         "USERNAME",
...         "PASSWORD",
...         "master.ucs.local",
...         verify="ucs-root-ca.crt"
...     ) as session:
...         return await UserResource(session=session).get(name=username)
...
>>> obj = asyncio.run(get_user("demo_student"))
>>>
>>> print(obj)
User('name'='test_user', dn='uid=test_user,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=example,dc=com')
>>> print(obj.firstname, obj.lastname)
Test User

There are more examples in the docs usage section.

For HTTPS to work, the SSL CA of the target system (UCS Master) must either be publicly signed, installed on the client system or available as file (as in the example above). If the SSL CA certificate is not available verify=False. Obviously that is not safe! The CA of any UCS server can always be downloaded from http://FQDN.OF.UCS/ucs-root-ca.crt.

Installation

Install UCS@school Kelvin REST API Client via pip from PyPI:

$ pip install kelvin-rest-api-client

Tests

There are some isolated unittests, but most tests run against a real UCS@school Kelvin REST API. A UCS Docker container has been prepared for this (additionally to the Kelvin API Docker container). The Makefile automates downloading and starting the Docker containers (3.2 GB GB) and running the tests. It is also possible to use an existing UCS DC Master with UCS@school and the Kelvin API installed.

The tests expect the existence of two schools (OUs) on the target system (the Kelvin API does not support creation of schools yet). The schools are DEMOSCHOOL and DEMOSCHOOL2. The first one usually already exists, but trying to create it again is safe. To create the schools run on the UCS DC Master:

$ /usr/share/ucs-school-import/scripts/create_ou DEMOSCHOOL
$ /usr/share/ucs-school-import/scripts/create_ou DEMOSCHOOL2

Furthermore an email domain must exist:

$ udm mail/domain create \
    --ignore_exists \
    --position "cn=domain,cn=mail,$(ucr get ldap/base)" \
    --set name="$(ucr get domainname)"

Since version 1.5.0 the Kelvin REST API supports UDM properties in all resources. A configuration is required for the tests for this feature:

$ cat > /etc/ucsschool/kelvin/mapped_udm_properties.json <<__EOF__
{
    "user": ["title"],
    "school_class": ["mailAddress"],
    "school": ["description"]
}
__EOF__

The provided UCS Docker containers already contain both OUs. They can be started using the Makefile:

$ make start-docker-containers

Downloading Docker image '..-ucsschool-udm-rest-api-only:stable-4.4-8'...
Downloading Docker image '../ucsschool-kelvin-rest-api:1.5.5'...
Starting UCS docker container...
Waiting for UCS docker container to start...
Waiting for IP address of UCS container...
Waiting for UDM REST API...........
Creating Kelvin REST API container...
Configuring Kelvin REST API container...
Rebuilding the OpenAPI client library in the Kelvin API Container...
Starting Kelvin REST API server...
Waiting for Kelvin docker container to start...
Waiting for IP address of Kelvin container...
Waiting for Kelvin API...
Fixing log file permissions...
Setting up reverse proxy...
==> UDM REST API log file: /tmp/udm-rest-api-log/directory-manager-rest.log
==> UDM REST API: http://172.17.0.2/univention/udm/
==> Kelvin API configs: /tmp/kelvin-api/configs/
==> Kelvin API hooks: /tmp/kelvin-api/kelvin-hooks/
==> Kelvin API log file: /tmp/kelvin-api/log/http.log
==> Kelvin API: http://172.17.0.3:8911/ucsschool/kelvin/v1/docs
==> Kelvin API: https://172.17.0.2/ucsschool/kelvin/v1/docs

The Docker containers can be stopped and removed by running:

$ make stop-and-remove-docker-containers

The Docker images will not be removed, only the running containers.

Run tests with current Python interpreter:

$ make test

Using tox the tests can be executed with all supported Python versions:

$ make test-all

To use an existing UCS server for the tests, copy the file tests/test_server_example.yaml to tests/test_server.yaml and adapt the settings before starting the tests:

$ cp tests/test_server_example.yaml tests/test_server.yaml
$ $EDITOR tests/test_server.yaml
# check settings with a single test:
$ python -m pytest tests/test_user.py::test_get
# if OK, run all tests:
$ make test

Logging

Standard logging is used for tracking the libraries activity. To capture the log messages for this project, subscribe to a logger named ucsschool.kelvin.client. Attention: Passwords and session tokens will be logged at log level DEBUG!

The UCS@school Kelvin REST API on the UCS server logs into the file /var/log/univention/ucsschool-kelvin-rest-api/http.log. The UDM REST API on the UCS server logs into the file /var/log/univention/directory-manager-rest.log.

Repo permissions

• Github: @dansan and @JuergenBS

• Gitlab: @JuergenBS

• PyPI: @dansan and @SamuelYaron

• RTD: @dansan and @SamuelYaron

Credits

History

2.2.3 (2023-06-22)

• %xx escaped names of school classes, users and workgroups are now unescaped.

2.2.2 (2023-04-14)

• Support HEAD for SchoolClass, User, WorkGroup, and Role.

2.2.1 (2022-12-15)

• Use deepcopy in to_dict method to prevent values of udm_properties from being updated in objects which are copied.

2.2.0 (2022-10-13)

• Support Http Accept-Language Header.

2.1.0 (2022-10-07)

• Support HEAD for School.

2.0.1 (2022-10-05)

• Use detailed upstream error message in InvalidRequest exception messages.

2.0.0 (2022-09-10)

• API Change: The required argument school in the User constructor has now the default argument None. The argument name is not required anymore. Optional values, which are set to None, are not passed to the Kelvin server anymore. This enables automatic value generation on the Kelvin REST API server. To make use of this, the attributes can be either set to None, the empty string "" or left out completely. Additionally, you have to create a schema for the corresponding attribute on the Kelvin REST API server.

• Send a correlation ID with each request.

1.7.1 (2022-08-30)

• Loosen dependency constraints.

1.7.0 (2022-07-07)

• Support user workgroups attribute.

1.6.1 (2022-06-30)

• Ignore unknown attributes in KelvinObject child classes.

1.6.0 (2022-06-27)

• Add support for workgroup resource.

1.5.2.1 (2022-04-05)

• Fixed: Logger does replace values of credentials with placeholders.

1.5.2 (2022-02-22)

• Automatic tests now run with Python 3.7 - 3.10.

• Fixed: The timeout attribute from a session instance is now used for requests.

1.5.1 (2021-11-30)

• Add attribute expiration_date to the User class. The attribute was added to the Kelvin REST API app in version 1.5.1.

1.5.0 (2021-09-21)

• Add attribute udm_properties to classes School and SchoolClass. The attributes were added to the Kelvin REST API app in version 1.5.0.

0.3.0 (2021-05-04)

• Add support for the creation of school (OU) objects.

0.2.2 (2020-11-09)

• Add support for the kelvin_password_hashes attribute of the User class.

0.2.1 (2020-08-07)

• fix JWT token validity calculation: timestamp uses UTC

• documentation fixes

• dependency updates

• tests also run on Python 3.9-dev

0.2.0 (2020-04-17)

• move tox to test requirements

• fix user object creation with default parameters

• change as_dict to be a method instead of a property

• fix flaky tests

• improve test coverage

• pass more env args to tox

• fix AttributeError with repr(role)

• add complete usage documentation

0.1.0 (2020-04-16)

• First release.