Adapt the users service to the HTTP/JSON API

[jreidinger]

Problem

Users section in architecture_2024 is disabled

Solution

Readd it using http API.

Testing

• Tested manually

Only issue found during testing is that some put/delete request does not respond body in this PR and js part complain as it always expect json.

Screenshots

[coveralls]

coverage: 71.573% (-0.5%) from 72.103%
when pulling 7abc0b9 on users_2024
into 61853f4 on architecture_2024.

[imobachgs]

Implementation-wise, it looks good. However, I am not convinced with the API design. But I am not a big fan of users D-Bus API, so it is probably just a consequence.

[imobachgs]

For consistency, we should do the same with other _stream functions. Perhaps we should have a list of small things to fix after the big merge.

[jreidinger]

yeap, it would be consistent

[jreidinger]

btw as all our streams return this quite complex result I think it makes sense to create type in crate::web for easier sharing.

[imobachgs]

I think that having a single /root resource would be more straightforward (and extensible). Let's say that, tomorrow, we want to add another attribute.

We could have the following routes (just an idea):

• GET /root to get the full user.
• PUT (or PATCH) /root to update any of the attributes (just specify the one that changes).
• DELETE /root/password to delete the password.
• DELETE /root/sshkey to delete the SSH key.

Alternatively, we could use PUT to replace the whole resource and PATCH to update only one of the elements.

[jreidinger]

yeap, that is something I mention when I speak about need to have some guide to have consistent API. Both ways is possible. When talking about single resource I even think about having /users/config and methods get and patch. ( put is problematic as root password get is boolean, but patch needs value and encryption ).

[imobachgs]

Here is where the API looks confusing to me. If I need to update the user, I do call PUT on the /users/user route. But, if I want to get the current user, I need to get the info from /users/config.

[jreidinger]

yeap, that is why I mention that we can have that /users/config and patch when need to change it. Question is how much it will be consistent with other APIs we have.

[imobachgs]

Thanks a lot for documenting this. I would add: busctl monitor --address /run/agama/bus as another source of information.

[jreidinger]

well, I think that this busctl monitor and other useful tools for dbus observing belongs more to backend documentation. Either service or rust dir. Here I try to focus mostly on debugging issues with web UI.

[imobachgs]

Yes, sure, but given that you mentioned journalctl too, I think it might be useful.

[jreidinger]

well, I mention journalctl mainly because you see there if request from web UI lands to backend. If it is correctly send there, then I would continue with backend debugging. But maybe we can link backend debugging document from this one.

[imobachgs]

Well, I would avoid having different documents about debugging. All the information about that matter should be in a single place.

[jreidinger]

ok, so lets add it.

[imobachgs]

👍

[jreidinger]

@imobachgs regarding API I think it would be useful to have call tomorrow. I check current http API we have to see if it is consistent or not.

So far it looks quite good and consistent ( sadly users has some specific methods especially for that root password which makes get/put with different data which looks bad ).
Inconsistent API I found:

• in general returning empy json replies in methods that do not require to have response looks kind of strange.
• network/system/apply uses put instead of post which I would expect
• questions use for answer path put and probably post will fit better ( yes, I know I am author :)

[jreidinger]

Just do document result of call:
http API will look like:

/users/root -> get/patch method, where patch allows to set key, password or unset it
/users/initial -> get/put/delete method where put will put whole config for user

and events:

split to two events one when initial user change and one when root user config change

[imobachgs]

In general it looks good. Just a question: are UsersSection and UsersPage tests working again?

[imobachgs]

Well, I would avoid having different documents about debugging. All the information about that matter should be in a single place.

[imobachgs]

I am not sure whether we should return the at all. At some point we could wrap the standard responses objects with our own information.

In any case, if we want to, we should do that in all methods to be consistent.

[jreidinger]

well, response is important if we want to check if call succeed or failed ( method ok on response or if response is added as it is optional for non-get calls). What I do not like even on current get is that it returns true/false if response is not json, which is quite bad API. So providing whole response object is more clear for me.

[imobachgs]

What res means?

[jreidinger]

well, I use it as result of data in event. Maybe I should use to something like changed_data?

[imobachgs]

Or just "changes"

[jreidinger]

Good question about tests. It is not enabled, so lets do it and do proper mocking in it