[Spacewalk-list] Read-only API-user

Mon Sep 17 13:28:09 UTC 2012

Thanks, this looks like an acceptable way of controlling access to the API with the current lack of permission granularity in SPW itself.

Martin

| -----Original Message-----
| From: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-
| bounces at redhat.com] On Behalf Of Tomas Zajpt
| Sent: Monday, September 17, 2012 2:32 PM
| To: spacewalk-list at redhat.com
| Subject: Re: [Spacewalk-list] Read-only API-user
| 
| Hi,
| 
| we are implementing this to our xmlrpc proxy. Spacewalk users permissions
| with more granularity would be very helpful.
| 
| Python example:
| #!/usr/bin/env python
| 
| from SimpleXMLRPCServer import SimpleXMLRPCServer from
| SimpleXMLRPCServer import SimpleXMLRPCRequestHandler import
| xmlrpclib
| 
| config = {
|         "spacewalk_url"      :  "http://spacewalk.example.com/rpc/api",
|         "spacewalk_login"    : "api",
|         "spacewalk_password" : "Password!",
| 
|         "proxy_port"         : 8000,
|         "proxy_rpc_path"     : "/proxy",
| }
| 
| 
| class RequestHandler(SimpleXMLRPCRequestHandler):
|     rpc_paths = (config["proxy_rpc_path"],)
| 
| 
| def spacewalk_login():
|     "login to spacewalk (xmlrpc)"
|     client = xmlrpclib.Server(config["spacewalk_url"])
|     key = client.auth.login(config["spacewalk_login"],
| config["spacewalk_password"])
|     return client, key
| 
| 
| def spacewalk_logout(client, key):
|     "logout from spacewalk (xmlrpc)"
|     client.auth.logout(key)
| 
| 
| #spacewalk function for registrationa
| #_________________________________________________________
| ____________________________
| def systemgroup_list_systems(group):
|     "call systemgroup.listSystems from spacewalk"
|     client, key = spacewalk_login()
|     result = client.systemgroup.listSystems(key, group)
|     spacewalk_logout(client, key)
|     return result
| 
| 
| def system_get_network(server_id):
|     "call client.system.getNetwork from spacewalk"
|     client, key = spacewalk_login()
|     result = client.system.getNetwork(key, server_id)
|     spacewalk_logout(client, key)
| 
| #....etc
| 
| if __name__ == "__main__":
|     #function list for registration
|     export_functions = [systemgroup_list_systems, system_get_network,
|                         system_get_name, system_list_packages,
|                         system_list_systems, system_download_system_id,
|                         system_get_id, system_set_mid, kasa_get_params,
|                         system_set_ticketportal]
| 
|     #create server
|     server = SimpleXMLRPCServer(("", config["proxy_port"]),
| requestHandler=RequestHandler)
|     server.register_introspection_functions()
| 
|     #register functions
|     for f in export_functions:
|         server.register_function(f)
|     #run the server's main loop
|     server.serve_forever()
| 
| 
| 
| Regards, Tomas
| 
| 
| 2012/9/11 Martin Eggen <mare at steria.no>:
| > Hi,
| >
| >
| >
| > I'm looking for how to implement a read-only API user for producing
| > reports, as far as I can tell there have been some requests for this
| > in the past, but
| > https://fedorahosted.org/spacewalk/wiki/Features/SupportUser does not
| > seem to have much activity? Should I just create a regular user with
| system-wide access?
| >
| >
| >
| > regards,
| >
| >
| >
| > Martin
| >
| >
| >
| >
| >
| >
| >
| >
| > ________________________________
| > This email originates from Steria AS, Biskop Gunnerus' gate 14a,
| > N-0051 OSLO, http://www.steria.no. This email and any attachments may
| > contain confidential/intellectual property/copyright information and
| > is only for the use of the addressee(s). You are prohibited from
| > copying, forwarding, disclosing, saving or otherwise using it in any
| > way if you are not the
| > addressee(s) or responsible for delivery. If you receive this email by
| > mistake, please advise the sender and cancel it immediately. Steria
| > may monitor the content of emails within its network to ensure
| > compliance with its policies and procedures. Any email is susceptible
| > to alteration and its integrity cannot be assured. Steria shall not be
| > liable if the message is altered, modified, falsified, or even edited.
| >
| > _______________________________________________
| > Spacewalk-list mailing list
| > Spacewalk-list at redhat.com
| > https://www.redhat.com/mailman/listinfo/spacewalk-list
| 
| _______________________________________________
| Spacewalk-list mailing list
| Spacewalk-list at redhat.com
| https://www.redhat.com/mailman/listinfo/spacewalk-list

This email originates from Steria AS, Biskop Gunnerus' gate 14a, N-0051 OSLO, http://www.steria.no. This email and any attachments may contain confidential/intellectual property/copyright information and is only for the use of the addressee(s). You are prohibited from copying, forwarding, disclosing, saving or otherwise using it in any way if you are not the addressee(s) or responsible for delivery. If you receive this email by mistake, please advise the sender and cancel it immediately. Steria may monitor the content of emails within its network to ensure compliance with its policies and procedures. Any email is susceptible to alteration and its integrity cannot be assured. Steria shall not be liable if the message is altered, modified, falsified, or even edited.