[Freeipa-devel] [PATCH] jderose 017 Giant WebUI patch part 1

[Rob Crittenden]

Jason Gerard DeRose wrote:
> This is a big patch to get everyone synced up with what I'm doing on the webUI.
> The Engine is currently *very* dumb because I need to tare through a bunch of
> plugin metadata, make a lot of changes, but doing that is likely going to make
> merging any outstanding patches too difficult, break any work in progress.  I
> even I backed out some crazier changes I had made, realizing the headache I was
> inviting.
> 
> So what I propose is acking this and acking any other outstanding patches, and
> then quickly making the needed metadata changes in a coordinated fashion (read:
> Rob, Pavel, and I staying pretty much lock-step for a few days).  The metadata
> changes aren't a lot of work, but they are very disruptive as they will change
> the plugin API slightly and will affect every Command and Object plugin we have
> (which by my count is currently 108 plugins).
> 
> Some highlights:
> 
> * lite-xmlrpc.py and lite-webui.py have been replaced by the new lite-server.py
>   script, which mounts XML-RPC, JSON-RPC, and the WebUI all on the same paths
>   as they would be under Apache (but on a different port).
> 
> * Per above, the default xmlrpc_uri is now http://localhost:8888/ipa/xml
> 
> * The IPA server is now a WSGI application. A few pieces still are missing, most
>   notably running all this under Apache, but it's 90% there.  Currently under
>   Apache things will still run the same as before, just XML-RPC and not through
>   the new Backend.xmlserver WSGI interface.  Because IPA is a WSGI app, I think
>   we should strongly consider running IPA under mod_wsgi instead of mod_python,
>   although running under mod_python is still possible with a mod_python <=> WSGI
>   adapter.
> 
> * For flexibility and to ease debugging, the XML-RPC and JSON-RPC services can
>   now also be called via GET or POST query strings.  For example:
> 
>     http://localhost:8888/ipa/json/user_add?givenname=Jason&sn=DeRose
> 
>   Or
> 
>     http://localhost:8888/ipa/xml/user_add?givenname=Jason&sn=DeRose
> 
>   Is the same as:
> 
>     api.Command.user_add(givenname='Jason', sn='DeRose')
> 
> * In theory, lite-server.py supports SSL, but there is a bug in paste 1.7.2 that
>   prevents it from working under Python 2.6.  To turn on SSL, just place a PEM
>   format cert at ~/.ipa/lite.pem
> 
> 
> Anyway, this gives everyone something to play with/review till I get back from
> PTO on Thursday.
> 
> Cheers,
> Jason

Have a bunch of questions/issues before I can ack this:

- We need to get the wehjit library accepted into Fedora ASAP
- There is a change to ipa-server-install that reverts your previous 
patch, 016
- This patch includes the previous SSO patch that we can't commit until 
we get an alternative for the Crypto package on some distros
- Is it going to be confusing to register the jsonserver in a file named 
  xmlserver.py?
- in rpcserver.py::extract_query(environ) should an error be raised if 
these conditions aren't met? For example, you do a POST and the 
content-type isn't application/x-www-form-urlencoded

Otherwise looks ok. I'm not opposed to switching to WSGI as long as we 
have feature parity.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090908/61cdeab8/attachment.bin>