Port relevant applications over to fasjson #4
Comments
|
This issue makes no sense. |
relrod
changed the title
|
I don't have access to pull this over, in our to do lane on AAA. Can you do this? |
|
I'm not sure what to do here, could we have more details please? |
|
We need to stand up fasjson (https://github.com/fedora-infra/fasjson) and test porting our apps that use the current FAS API to it. This includes things like zodbot (supybot-fedora), sigul bridge (checks to make sure user is in the In pretty much every case, the apps are just doing simple read-only checks against the API which fasjson is built for. So the apps need to point to fasjson instead and do those read-only checks against it instead of FAS. |
|
Breakin this down into other user stories see links . @abompard to add user stories ( Issues ) |
abompard
changed the title
|
We need to build an exhaustive list of applications that use the FAS API. Then, for each of those apps, we need to start a local instance with the configuration pointing at the fasjson instance that we will have available thanks to #3, and make sure they keep working properly. Acceptance criteria:
DoD: all of the above are met. |
|
Before you port your applications, please compile a list of requirements. The fasjson code is a demo (aka quick hack). I literally spent less than 10 minutes to come up with the JSON response. At a bare minimum we should come up with a versioning scheme and proper error codes. |
|
If I understand correctly, the point of fasjson is to mimic the current FAS API but getting data from LDAP. Was that not what you had in mind when you wrote it @tiran Note to @sfinn85 : we need to schedule some User Stories to check that the code actually mimics what FAS currently returns, before we port applications to it. |
|
The fasjson API is loosely based on the technical requirements specification from meetings between CPE and IPA managers and engineers. The implementation is a proof of concept (and even documented as PoC). |
|
Okay, so the first item in the Acceptance Criteria is a good starting point for formulating some more formal requirements. What is actually using the current FAS API? I have made a wikipage here to try to make a list, and have added the two mentioned in this thread, supybot-fedora and sigul. https://github.com/fedora-infra/fasjson/wiki |
|
Just wondering what the best approach to this is. Would the better approach be to keep the fasjson api simple (the current FAS one is far from simple), and then when porting the applications over, no use the python-fedora module at all? |
|
So, I think we should stop using python-fedora for this, since this API should be restricted, in that it's only available for the applications that we know of. I think we explicitly do not want to offer an API to any random person/app on the internet, given that they can then scrape all of the account data. Given that, I think we should no longer use python-fedora, or at least put it in a new module in that repo, to indicate that this has an entirely different use. Applications can still use SAML2 or OpenID (Connect) to get information about the user that's currently using that app. |
|
OK, so the plan is not for fasjson to mimic the FAS API, but to have its own specific API and port applications over to it, correct? Therefore we need to :
Does this make sense? |
|
1 spike |
The current FAS has an read-only API that some of the Fedora applications use. These applications include zodbot and the sigul bridge.
In the new freeIPA / secuiritas world, such applications will interact with fasjson (https://github.com/fedora-infra/fasjson).
This ticket is to track the porting of these applications over to the new fasjson API
(description updated based on @relrod comment below -- https://github.com/fedora-infra/securitas/issues/56#issuecomment-581444027 )
The text was updated successfully, but these errors were encountered: