[Freeipa-devel] [PATCH] 1106 IPA REST smart proxy
Rob Crittenden
rcritten at redhat.com
Fri Feb 14 02:02:56 UTC 2014
Dmitri Pal wrote:
> On 02/13/2014 06:07 PM, Rob Crittenden wrote:
>> Martin Kosek wrote:
>>> On 01/28/2014 09:35 PM, Rob Crittenden wrote:
>>>> Petr Viktorin wrote:
>>>>> On 01/23/2014 02:17 PM, Petr Viktorin wrote:
>>> ...
>>>>> The URL endpoint /ipa/rest suggests that if we implement a complete
>>>>> REST
>>>>> API for IPA it would live here. Is the API supposed to be
>>>>> future-compatible? (The API itself seems to be a good subset of a
>>>>> complete REST API, but can we easily add an frontend with
>>>>> authentication, i18n, etc. here later, and keep the limitations for
>>>>> unauthenticated access?)
>>>>> Perhaps /ipa/smartproxy would be a better choice?
>>>>
>>>> It was future-proofing. I'm fine with changing the URI, it is
>>>> probably a good
>>>> thing to save that name.
>>>
>>> +1 for moving to /ipa/smartproxy/rest, we will want a complete REST
>>> interface
>>> in ipa/rest/ in the future. I rather opened a ticket to track that:
>>>
>>> https://fedorahosted.org/freeipa/ticket/4168
>>>
>>> Martin
>>>
>>
>> I think I've addressed most of Petr's suggestions with the exception
>> of the global ipa handle and I stuck with *args, **options as this is
>> pretty much standard in IPA calls.
>>
>> The gssproxy.conf.snippet just makes it easier to copy/paste. I can
>> drop it if you want, I suppose it is duplication.
>>
>> Note that I ran this past the Foreman design again and as a result
>> added another interface, /realm. It was my understanding that this
>> Foreman design wasn't set into stone but a patch is working its way
>> through their system that followed the spec so I went ahead and added
>> it. It isn't a big deal, the Host() class handles it out of the box.
>>
>> I also updated the design page a bit to reflect some of the changes made.
>>
>> Right now there are no plans to backport python-kerberos to F20.
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
> Recently we had a ticket in SSSD
> https://fedorahosted.org/sssd/ticket/2217
> Should we have a similar one for IPA client and especially for the proxy?
> Proxy will be a long term running process so dealing with the stale
> tickets becomes important for it if replica is re-installed. Is it
> something that is solved in API level or on the proxy level?
> Should we have a separate ticket for that?
Using gss-proxy so it's not our problem. We never touch tickets.
rob
More information about the Freeipa-devel
mailing list