Many thanks for the ansible pointer, Alexander.

 

As far as API automation, I see two immediate use-cases (and I will file an issue)

1. Some bundled commands for use by IdM admins for user management:  Add a user along with all the necessary additional permissions.   These would use the admin-user's current keytab.

2. Information gathering scripts.  Is it possible to set up a read-only service keytab for this ?

 

I want to use Python to be able to capture and process the responses without all the extra console output of the command line.

______________________________________________________________________________________________

 

Daniel E. White
daniel.e.white@nasa.gov

NICS Linux Engineer
NASA Goddard Space Flight Center
8800 Greenbelt Road
Building 14, Room E175
Greenbelt, MD 20771

Office: (301) 286-6919

Mobile: (240) 513-5290

 

From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Wednesday, February 12, 2020 at 01:42
To: FreeIPA users list <freeipa-users@lists.fedorahosted.org>
Cc: Daniel White <daniel.e.white@nasa.gov>, Rob Crittenden <rcritten@redhat.com>
Subject: [EXTERNAL] Re: [Freeipa-users] Re: Is there any documentation for the ipapython library ?

 

On ti, 11 helmi 2020, Rob Crittenden via FreeIPA-users wrote:

White, Daniel E. (GSFC-770.0)[NICS] via FreeIPA-users wrote:

I would like to create some python automation scripts using it.

 

 

Only the limited docs within the file(s) themselves + usage found

elsewhere within IPA.

 

We are trying to keep the API more stable than the past by deprecating

things we move but there is no guarantee (I've been bitten myself by

this in the past). So use with care.

 

Please also file tickets at pagure.io/freeipa/issues describing your

intended use of API. We are planning to create a simpler API on top of

existing one to make sure it is not preventing us to refactor internals

where possible. Knowing use cases would help a lot.

 

Also, ansible-freeipa project should provide you a healthy base for

automation. It does have wrappers for many objects already, beyond just

installing the servers and clients.

 

 

--

/ Alexander Bokovoy

Sr. Principal Software Engineer

Security / Identity Management Engineering

Red Hat Limited, Finland